OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742) - edk2 - Cross-platform firmware development environment

diff options

author	Adam Dunlap <acdunlap@google.com>	2024-04-19 11:21:46 -0700
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2024-04-23 17:29:55 +0000
commit	e3fa6986ae8521275fc6ca161f7394a3809f8723 (patch)
tree	4939071a8e53a1c509ea02b32f06c628804b6a83 /BaseTools/Source/Python/FMMT/FMMT.py
parent	86c8d69146310f24069701053a27153ae536ebba (diff)
download	edk2-e3fa6986ae8521275fc6ca161f7394a3809f8723.tar.gz edk2-e3fa6986ae8521275fc6ca161f7394a3809f8723.tar.bz2 edk2-e3fa6986ae8521275fc6ca161f7394a3809f8723.zip

OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742)

Ensure that when a #VC exception happens, the instruction at the instruction pointer matches the instruction that is expected given the error code. This is to mitigate the ahoi WeSee attack [1] that could allow hypervisors to breach integrity and confidentiality of the firmware by maliciously injecting interrupts. This change is a translated version of a linux patch e3ef461af35a ("x86/sev: Harden #VC instruction emulation somewhat") [1] https://ahoi-attacks.github.io/wesee/ Cc: Borislav Petkov (AMD) <bp@alien8.de> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Adam Dunlap <acdunlap@google.com> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>

Diffstat (limited to 'BaseTools/Source/Python/FMMT/FMMT.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: