[kernel] r22875 - in dists/jessie-security/linux/debian: . patches patches/bugfix/x86

Ben Hutchings benh at moszumanska.debian.org
Sat Aug 1 16:13:52 UTC 2015 

Author: benh
Date: Sat Aug  1 16:13:52 2015
New Revision: 22875

Log:
[x86] kvm: fix kvm_apic_has_events to check for NULL pointer (CVE-2015-4692)

Added:
   dists/jessie-security/linux/debian/patches/bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch
Modified:
   dists/jessie-security/linux/debian/changelog
   dists/jessie-security/linux/debian/patches/series

Modified: dists/jessie-security/linux/debian/changelog
==============================================================================
--- dists/jessie-security/linux/debian/changelog	Sat Aug  1 16:11:06 2015	(r22874)
+++ dists/jessie-security/linux/debian/changelog	Sat Aug  1 16:13:52 2015	(r22875)
@@ -3,6 +3,7 @@
   * path_openat(): fix double fput()
   * KEYS: ensure we free the assoc array edit if edit is valid (CVE-2015-1333)
   * sctp: fix ASCONF list handling (CVE-2015-3212)
+  * [x86] kvm: fix kvm_apic_has_events to check for NULL pointer (CVE-2015-4692)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Sun, 26 Jul 2015 20:37:03 +0100
 

Added: dists/jessie-security/linux/debian/patches/bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/jessie-security/linux/debian/patches/bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch	Sat Aug  1 16:13:52 2015	(r22875)
@@ -0,0 +1,24 @@
+From: Paolo Bonzini <pbonzini at redhat.com>
+Date: Sat, 30 May 2015 14:31:24 +0200
+Subject: kvm: x86: fix kvm_apic_has_events to check for NULL pointer
+Origin: https://git.kernel.org/linus/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009
+
+Malicious (or egregiously buggy) userspace can trigger it, but it
+should never happen in normal operation.
+
+Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+---
+ arch/x86/kvm/lapic.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/lapic.h
++++ b/arch/x86/kvm/lapic.h
+@@ -165,7 +165,7 @@ static inline u16 apic_logical_id(struct
+ 
+ static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu)
+ {
+-	return vcpu->arch.apic->pending_events;
++	return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;
+ }
+ 
+ bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector);

Modified: dists/jessie-security/linux/debian/patches/series
==============================================================================
--- dists/jessie-security/linux/debian/patches/series	Sat Aug  1 16:11:06 2015	(r22874)
+++ dists/jessie-security/linux/debian/patches/series	Sat Aug  1 16:13:52 2015	(r22875)
@@ -636,3 +636,4 @@
 bugfix/all/path_openat-fix-double-fput.patch
 bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch
 bugfix/all/sctp-fix-asconf-list-handling.patch
+bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch

More information about the Kernel-svn-changes mailing list