Bug 2208325
| Summary: | QEMU: ui/cursor: make width/height unsigned 16-bit integer | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | carnil, ddepaula, eglynn, jen, jferlan, jjoyce, jmaloy, knoel, lhh, mburns, mgarciac, mkenneth, mrezanin, mst, pbonzini, security-response-team, spower, virt-maint |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | qemu-kvm 8.1.0 | Doc Type: | If docs needed, set a value |
| Doc Text: |
CVE-2023-1601 was originally allocated because of an incomplete fix for CVE-2021-4206. The CVE was subsequently rejected as the flaw was not confirmed.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-05-24 08:44:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2208328, 2208327, 2208330, 2208331 | ||
| Bug Blocks: | 2208329 | ||
|
Description
Mauro Matteo Cascella
2023-05-18 15:28:26 UTC
Created qemu tracking bugs for this issue: Affects: epel-all [bug 2208328] Affects: fedora-all [bug 2208327] Hi Should this CVE be rejected? According to https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg05546.html there seems to be no code path which can trigger the overflow. Regards, Salvatore Hi, yes I'm going to reject this CVE. Thanks. |