Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 8ad39a3b44c1b452e51c0fc996d65911e2545b84
commit8ad39a3b44c1b452e51c0fc996d65911e2545b84[log] [tgz]
authorPaolo Bonzini <pbonzini@redhat.com>Wed Dec 04 10:28:54 2019 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Fri Dec 13 08:43:26 2019 +0100
treec1edd25f0d58e2b72c8592d2a93f5a630d5e8155
parente8f669921edd97b089691fed09946e5860523ba9 [diff]
KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)

commit 433f4ba1904100da65a311033f17a9bf586b287e upstream.

The bounds check was present in KVM_GET_SUPPORTED_CPUID but not
KVM_GET_EMULATED_CPUID.

Reported-by: syzbot+e3f4897236c4eeb8af4f@syzkaller.appspotmail.com
Fixes: 84cffe499b94 ("kvm: Emulate MOVBE", 2013-10-29)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: c1edd25f0d58e2b72c8592d2a93f5a630d5e8155
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README