[Pkg-xen-changes] [xen] 04/17: x86emul: only emulate software interrupt injection for real mode

Bastian Blank waldi at moszumanska.debian.org
Thu Dec 11 21:46:54 UTC 2014


This is an automated email from the git hooks/post-receive script.

waldi pushed a commit to branch develop
in repository xen.

commit d54059c6684032053a45a4475842132aa532bbb6
Author: Jan Beulich <jbeulich at suse.com>
Date:   Tue Sep 23 14:40:51 2014 +0200

    x86emul: only emulate software interrupt injection for real mode
    
    Protected mode emulation currently lacks proper privilege checking of
    the referenced IDT entry, and there's currently no legitimate way for
    any of the respective instructions to reach the emulator when the guest
    is in protected mode.
    
    This is XSA-106.
    
    Reported-by: Andrei LUTAS <vlutas at bitdefender.com>
    Signed-off-by: Jan Beulich <jbeulich at suse.com>
    Acked-by: Keir Fraser <keir at xen.org>
    master commit: 346d4545569928b652c40c7815c1732676f8587c
    master date: 2014-09-23 14:33:50 +0200
    
    Patch-Name: CVE-2014-7156.diff
---
 xen/arch/x86/x86_emulate/x86_emulate.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index 4810e68..5fbe024 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -2634,6 +2634,7 @@ x86_emulate(
     case 0xcd: /* int imm8 */
         src.val = insn_fetch_type(uint8_t);
     swint:
+        fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */
         fail_if(ops->inject_sw_interrupt == NULL);
         rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip,
                                       ctxt) ? : X86EMUL_EXCEPTION;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xen/xen.git



More information about the Pkg-xen-changes mailing list