Need confirmation for some unpatched CVE in QEMU

[the-Chain-Warden-thresh]

I'm cloning this repo to make some modifications to customize. However, I've noticed that some CVEs which were confirmed and fixed by qemu do not get patched in this repo. To enhance the availability of my project as far as possible, I will appreciate it if any of the CVE below do exist in this repo as well, so that I can fix these security issue myself by applying the corresponding patch. Here are the CVEs I found in this repo unpatched, but get fixed in qemu:

CVE-2021-20257 in qemu/hw/net/e1000.c's function static void process_tx_desc(E1000State *s, struct e1000_tx_desc *dp), with patch here for your reference.

CVE-2021-3748 in qemu/hw/net/virtio-net.c's function static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, size_t size), with patch here for your reference.

[xabiugarte]

First of all, thank you very much for your interest.

Unfortunately this project is being archived and will not be maintained. It will still be kept public for reference purposes. The Qemu version has not been updated in some time and is therefore subject to any bugs or vulnerabilities discovered since then.