linux-stable.git - Linux kernel stable tree

diff options

author	Matt Delco <delco@chromium.org>	2019-09-16 14:16:54 -0700
committer	Paolo Bonzini <pbonzini@redhat.com>	2019-09-18 15:56:55 +0200
commit	b60fe990c6b07ef6d4df67bc0530c7c90a62623a (patch)
tree	49d837232351e9b86c9632ccc509f26596e269ed /CREDITS
parent	a9c20bb0206ae9384bd470a6832dd8913730add9 (diff)
download	linux-stable-b60fe990c6b07ef6d4df67bc0530c7c90a62623a.tar.gz linux-stable-b60fe990c6b07ef6d4df67bc0530c7c90a62623a.tar.bz2 linux-stable-b60fe990c6b07ef6d4df67bc0530c7c90a62623a.zip

KVM: coalesced_mmio: add bounds checking

The first/last indexes are typically shared with a user app. The app can change the 'last' index that the kernel uses to store the next result. This change sanity checks the index before using it for writing to a potentially arbitrary address. This fixes CVE-2019-14821. Cc: stable@vger.kernel.org Fixes: 5f94c1741bdc ("KVM: Add coalesced MMIO support (common part)") Signed-off-by: Matt Delco <delco@chromium.org> Signed-off-by: Jim Mattson <jmattson@google.com> Reported-by: syzbot+983c866c3dd6efa3662a@syzkaller.appspotmail.com [Use READ_ONCE. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'CREDITS')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: