94bee3919a
The bus_irq argument of mp_override_legacy_irq() is used as the index into the isa_irq_to_gsi[] array. The bus_irq argument originates from ACPI_MADT_TYPE_IO_APIC and ACPI_MADT_TYPE_INTERRUPT items in the ACPI tables, but is nowhere sanity checked. That allows broken or malicious ACPI tables to overwrite memory, which might cause malfunction, panic or arbitrary code execution. Add a sanity check and emit a warning when that triggers. [ tglx: Added warning and rewrote changelog ] Signed-off-by: Seunghun Han <kkamagui@gmail.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: security@kernel.org Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net> Cc: stable@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> CVE-2017-11473 Change-Id: I06eeb72e3207d795a87279ecfdd362e361f505f7 |
||
|---|---|---|
| .. | ||
| boot | ||
| configs | ||
| crypto | ||
| ia32 | ||
| include | ||
| kernel | ||
| kvm | ||
| lguest | ||
| lib | ||
| math-emu | ||
| mm | ||
| net | ||
| oprofile | ||
| pci | ||
| platform | ||
| power | ||
| realmode | ||
| syscalls | ||
| tools | ||
| um | ||
| vdso | ||
| video | ||
| xen | ||
| .gitignore | ||
| Kbuild | ||
| Kconfig | ||
| Kconfig.cpu | ||
| Kconfig.debug | ||
| Makefile | ||
| Makefile.um | ||
| Makefile_32.cpu | ||