A deadlock issue was found in the AHCI controller device (ich9-ahci) of QEMU while handling a host-to-device Register FIS (Frame Information Structure) packet sent by the guest. The bug is triggered by a software reset (ahci_reset_port) performed from the handle_reg_h2d_fis() function [1]. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. [1] https://github.com/qemu/qemu/blob/v6.1.0-rc4/hw/ide/ahci.c#L1215
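For readers unfamiliar with what handle_reg_h2d_fis() is parsing, the following is an added illustration (not code from this report or from QEMU) of the host-to-device Register FIS format and of the two-step ATA software-reset handshake that a controller model dispatches to its port-reset routine. The byte layout (FIS type 0x27 at byte 0, the C bit in byte 1, the Device Control byte at offset 15 with SRST as bit 2) follows the AHCI and ATA specifications; the function and struct names (h2d_decode, port_apply_fis, demo_reset_sequence, struct port_state) are made up for this example, and the state tracker only models the SRST set/clear edge, not QEMU's internal port state.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Layout of a host-to-device Register FIS per the AHCI/SATA specifications.
 * The FIS is 20 bytes; the offsets below are fixed by the spec. */
#define FIS_TYPE_REG_H2D   0x27
#define FIS_H2D_LEN        20
#define H2D_FLAG_C         0x80   /* byte 1: 1 = command FIS, 0 = control FIS */
#define ATA_CTL_NIEN       0x02   /* Device Control: disable interrupts */
#define ATA_CTL_SRST       0x04   /* Device Control: software reset */

enum h2d_kind { H2D_INVALID, H2D_COMMAND, H2D_CONTROL };

struct h2d_fis {
    enum h2d_kind kind;
    uint8_t pm_port;
    uint8_t command;    /* meaningful only for H2D_COMMAND */
    uint8_t features;
    uint8_t control;    /* meaningful only for H2D_CONTROL */
    bool srst;          /* SRST bit of the Device Control byte */
};

/* Decode the fixed part of an H2D Register FIS. Returns false if the buffer
 * is shorter than a full FIS or the type byte is not 0x27. */
bool h2d_decode(const uint8_t *buf, size_t len, struct h2d_fis *out)
{
    memset(out, 0, sizeof(*out));
    if (len < FIS_H2D_LEN || buf[0] != FIS_TYPE_REG_H2D) {
        out->kind = H2D_INVALID;
        return false;
    }
    out->pm_port  = buf[1] & 0x0f;
    out->command  = buf[2];
    out->features = buf[3];
    out->control  = buf[15];
    out->srst     = (buf[15] & ATA_CTL_SRST) != 0;
    out->kind     = (buf[1] & H2D_FLAG_C) ? H2D_COMMAND : H2D_CONTROL;
    return true;
}

/* Hypothetical per-port tracker for the ATA software-reset handshake: the
 * host writes Device Control with SRST set, then writes it again with SRST
 * cleared, and the port reset is carried out on that clearing write. Returns
 * true when the FIS completes a reset. This is an illustration of the
 * protocol, not QEMU's state machine. */
struct port_state { bool in_srst; unsigned resets; };

bool port_apply_fis(struct port_state *ps, const uint8_t *buf, size_t len)
{
    struct h2d_fis fis;
    if (!h2d_decode(buf, len, &fis) || fis.kind != H2D_CONTROL) {
        return false;    /* command FISes never start or finish a reset */
    }
    if (fis.srst) {
        ps->in_srst = true;
        return false;    /* SRST asserted: reset pending */
    }
    if (ps->in_srst) {
        ps->in_srst = false;
        ps->resets++;
        return true;     /* SRST 1 -> 0 edge: the port reset takes effect */
    }
    return false;
}

/* Build a control FIS (C bit clear) carrying the given Device Control byte. */
void h2d_build_control(uint8_t out[FIS_H2D_LEN], uint8_t control)
{
    memset(out, 0, FIS_H2D_LEN);
    out[0] = FIS_TYPE_REG_H2D;
    out[1] = 0;          /* C = 0, PM port 0 */
    out[15] = control;
}

/* Build a command FIS (C bit set) carrying an ATA command byte. */
void h2d_build_command(uint8_t out[FIS_H2D_LEN], uint8_t command)
{
    memset(out, 0, FIS_H2D_LEN);
    out[0] = FIS_TYPE_REG_H2D;
    out[1] = H2D_FLAG_C;
    out[2] = command;
}

/* Feed one command FIS and the SRST assert/deassert pair through the tracker
 * and return how many resets completed (expected: 1). */
unsigned demo_reset_sequence(void)
{
    struct port_state ps = {0};
    uint8_t fis[FIS_H2D_LEN];
    h2d_build_command(fis, 0xEC);                       /* IDENTIFY DEVICE */
    port_apply_fis(&ps, fis, sizeof fis);               /* no reset */
    h2d_build_control(fis, ATA_CTL_SRST | ATA_CTL_NIEN);
    port_apply_fis(&ps, fis, sizeof fis);               /* SRST asserted */
    h2d_build_control(fis, ATA_CTL_NIEN);
    port_apply_fis(&ps, fis, sizeof fis);               /* SRST cleared */
    return ps.resets;
}

int main(void)
{
    printf("software resets completed: %u\n", demo_reset_sequence());
    return 0;
}
```

The point of separating h2d_decode from port_apply_fis is that the reset path is reached only for a control FIS (C bit clear) whose SRST bit transitions from set to clear; a decoder that rejects short buffers and wrong type bytes before looking at offset 15 is the minimum a controller model needs before acting on guest-supplied FIS bytes.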
Created qemu tracking bugs for this issue: Affects: epel-7 [bug 1997217] Affects: fedora-all [bug 1997215]
Has this issue been forwarded/notified to upstream?
In reply to comment #4: > Has this issue been forwarded/notified to upstream? Yes, this was reported via the qemu-security mailing list. John Snow (IDE maintainer) is aware of it. John, do you happen to have any updates on this?