android_kernel_google_msm/virt/kvm
Andy Honig f843edd53f KVM: Improve create VCPU parameter (CVE-2013-4587)
commit 338c7dbadd upstream.

In multiple functions the vcpu_id is used as an offset into a bitfield.  A
malicious user could specify a vcpu_id greater than 255 in order to set or
clear bits in kernel memory.  This could be used to elevate privileges in the
kernel.  This patch verifies that the vcpu_id provided is less than 255.
The api documentation already specifies that the vcpu_id must be less than
max_vcpus, but this is currently not checked.

Reported-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-12-20 07:34:19 -08:00
..
assigned-dev.c KVM: Convert intx_mask_lock to spin lock 2012-03-20 12:41:24 +02:00
async_pf.c
async_pf.h
coalesced_mmio.c KVM: make checks stricter in coalesced_mmio_in_range() 2011-12-27 11:17:07 +02:00
coalesced_mmio.h
eventfd.c
ioapic.c KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) 2013-04-25 21:19:55 -07:00
ioapic.h
iodev.h
iommu.c KVM: lock slots_lock around device assignment 2012-04-19 00:04:18 -03:00
irq_comm.c
Kconfig
kvm_main.c KVM: Improve create VCPU parameter (CVE-2013-4587) 2013-12-20 07:34:19 -08:00