doc: update security advisory for 1.6.1 release

Update mitigations for security vulnerabilities for ACRN 1.6.1 release Signed-off-by: Yonghua Huang <yonghua.huang@intel.com> Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2025-06-25 15:02:13 +00:00 · 2020-05-07 20:55:15 +08:00 · 2020-05-07 20:55:15 +08:00 · c4ab748cb9
commit c4ab748cb9
parent 765e40bdb1
1 changed files with 16 additions and 0 deletions
--- a/doc/asa.rst
+++ b/doc/asa.rst
@ -3,6 +3,22 @@
 Security Advisory
 #################

+Addressed in ACRN v1.6.1
+************************
+
+We recommend that all developers upgrade to this v1.6.1 release (or later), which
+addresses the following security issue that was discovered in previous releases:
+
+------
+
+- Service VM kernel Crashes When Fuzzing HC_ASSIGN_PCIDEV and HC_DEASSIGN_PCIDEV
+   NULL pointer dereference due to invalid address of PCI device to be assigned or
+   de-assigned may result in kernel crash. The return value of 'pci_find_bus()' shall
+   be validated before using in 'update_assigned_vf_state()'.
+
+   **Affected Release:** v1.6.
+
+
 Addressed in ACRN v1.6
 **********************