[x86] kvm: Check memopp before dereference (CVE-2016-8630)

Salvatore Bonaccorso 2016-11-06 17:52:10 +01:00
parent 790f2d1ab5
commit d99e060fe3
3 changed files with 38 additions and 0 deletions

debian/changelog

@ -122,6 +122,9 @@ linux (4.8.6-1) UNRELEASED; urgency=medium
* cpupower: Fix checks for CPU existence (Closes: #843071)
* perf: Disable use of libcrypto (Closes: #843199)
[ Salvatore Bonaccorso ]
* [x86] kvm: Check memopp before dereference (CVE-2016-8630)
-- Ben Hutchings <ben@decadent.org.uk> Wed, 02 Nov 2016 12:01:42 -0600
linux (4.8.5-1) unstable; urgency=medium
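Review bot: the changelog entry names only the CVE and gives no hint of the impact; the patch description states that an undefined instruction with a particular ModR/M encoding makes the KVM x86 emulator dereference a NULL pointer, so adding that to the entry (for example "(NULL pointer dereference in the instruction emulator)") would tell users what 4.8.6-1 actually fixes without having to open the patch.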


@ -0,0 +1,34 @@
From: Owen Hofmann <osh@google.com>
Date: Thu, 27 Oct 2016 11:25:52 -0700
Subject: kvm: x86: Check memopp before dereference (CVE-2016-8630)
Origin: https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e
Commit 41061cdb98 ("KVM: emulate: do not initialize memopp") removes a
check for non-NULL under incorrect assumptions. An undefined instruction
with a ModR/M byte with Mod=0 and R/M-5 (e.g. 0xc7 0x15) will attempt
to dereference a null pointer here.
Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5
Message-Id: <1477592752-126650-2-git-send-email-osh@google.com>
Signed-off-by: Owen Hofmann <osh@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/emulate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 4e95d3e..cbd7b92 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -5045,7 +5045,7 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len)
/* Decode and fetch the destination operand: register or memory. */
rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask);
- if (ctxt->rip_relative)
+ if (ctxt->rip_relative && likely(ctxt->memopp))
ctxt->memopp->addr.mem.ea = address_mask(ctxt,
ctxt->memopp->addr.mem.ea + ctxt->_eip);
--
2.10.2
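Review bot: the new condition `if (ctxt->rip_relative && likely(ctxt->memopp))` only works if memopp is reliably NULL, not stale, whenever decode_operand produced no memory operand, yet the description says the Fixes: commit (titled "do not initialize memopp") is what removed the safeguard; confirm that the emulation context is zeroed before decode, otherwise the explicit NULL assignment should return together with this check. A one-line comment above the `if` explaining why memopp can be NULL here (undefined instruction with Mod=0, R/M=5 and no memory operand decoded) would save the next reader a trip to the commit history, and "R/M-5" in the description reads as a typo for "R/M=5".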


@ -96,6 +96,7 @@ bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/net-add-recursion-limit-to-gro.patch
bugfix/all/KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch
bugfix/x86/kvm-x86-Check-memopp-before-dereference-CVE-2016-863.patch
# ABI maintenance
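Review bot: the series entry `bugfix/x86/kvm-x86-Check-memopp-before-dereference-CVE-2016-863.patch` drops the last digit of CVE-2016-8630 as used in the changelog and in the patch's Subject line; rename the file to carry the full identifier so the entry is found when someone searches the tree for the CVE.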