diff options
author | Andy Honig <ahonig@google.com> | 2013-11-18 16:09:22 -0800 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2014-01-03 04:33:31 +0000 |
commit | 4a94970b318e0d7387c2d84fa7c92ea782ae52b3 (patch) | |
tree | 3bd46437e963944ea3bf3c4609dcb8eebc402681 /sound/arm | |
parent | 96e7025c23fe7d09401edbfa8990144cbf8dc93b (diff) | |
download | kernel_samsung_smdk4412-4a94970b318e0d7387c2d84fa7c92ea782ae52b3.zip kernel_samsung_smdk4412-4a94970b318e0d7387c2d84fa7c92ea782ae52b3.tar.gz kernel_samsung_smdk4412-4a94970b318e0d7387c2d84fa7c92ea782ae52b3.tar.bz2 |
KVM: Improve create VCPU parameter (CVE-2013-4587)
commit 338c7dbadd2671189cec7faf64c84d01071b3f96 upstream.
In multiple functions the vcpu_id is used as an offset into a bitfield. Ag
malicious user could specify a vcpu_id greater than 255 in order to set or
clear bits in kernel memory. This could be used to elevate priveges in the
kernel. This patch verifies that the vcpu_id provided is less than 255.
The api documentation already specifies that the vcpu_id must be less than
max_vcpus, but this is currently not checked.
Reported-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'sound/arm')
0 files changed, 0 insertions, 0 deletions