Cisco-Talos / pyrebox

Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU
https://talosintelligence.com/pyrebox
GNU General Public License v2.0

[Security] some vulnerability is caused by qemu code #125

Open Crispy-fried-chicken opened 9 months ago

Crispy-fried-chicken commented 9 months ago

Hi, our tool has found that this repo reuses some of the QEMU code and still contains some unfixed CVEs. Some of them are as follows:

  1. The mode_sense_page function in the file qemu/hw/scsi/scsi-disk.c resembles the code affected by CVE-2021-3930; the fix is https://github.com/qemu/qemu/commit/b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8.
  2. The mptsas_free_request, mptsas_process_scsi_io_request and mptsas_scsi_realize functions in the file qemu/hw/scsi/mptsas.c resemble the code affected by CVE-2021-3392; the fix is https://github.com/qemu/qemu/commit/3791642c8d60029adf9b00bcb4e34d7d8a1aea4d.

We have preliminarily verified the correctness of the above list through static analysis. Could you help check whether this bug is real? If it is, please try to fix it, or I'd like to open a PR for that if necessary. Thank you for your effort and patience!

xabiugarte commented 8 months ago

First of all, thank you very much for your interest.

Unfortunately this project is being archived and will not be maintained. It will still be kept public for reference purposes. The Qemu version has not been updated in some time and is therefore subject to any bugs or vulnerabilities discovered since then.