aboutsummaryrefslogtreecommitdiff
path: root/arch/arm
diff options
context:
space:
mode:
authorAndy Honig2013-03-11 09:34:52 -0700
committerMarcelo Tosatti2013-03-19 14:17:31 -0300
commitc300aa64ddf57d9c5d9c898a64b36877345dd4a9 (patch)
tree509c85623ff9e65c383845562db3dbce2da17531 /arch/arm
parentc09664bb44184b3846e8c5254db4eae4b932682a (diff)
KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796)
If the guest sets the GPA of the time_page so that the request to update the time straddles a page then KVM will write onto an incorrect page. The write is done byusing kmap atomic to get a pointer to the page for the time structure and then performing a memcpy to that page starting at an offset that the guest controls. Well behaved guests always provide a 32-byte aligned address, however a malicious guest could use this to corrupt host kernel memory. Tested: Tested against kvmclock unit test. Signed-off-by: Andrew Honig <ahonig@google.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Diffstat (limited to 'arch/arm')
0 files changed, 0 insertions, 0 deletions