]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6155b83) | patch
KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796)
authorAndy Honig <ahonig@google.com>
Mon, 11 Mar 2013 16:34:52 +0000 (09:34 -0700)
committerMarcelo Tosatti <mtosatti@redhat.com>
Tue, 19 Mar 2013 17:17:31 +0000 (14:17 -0300)
commitde0fc2d808e1664058f8a2c1c57714bd7d7d788a
tree509c85623ff9e65c383845562db3dbce2da17531tree | snapshot
parent6155b8352b2abbd4735840345bf9bd5da69106f5commit | diff
KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796)

If the guest sets the GPA of the time_page so that the request to update the
time straddles a page then KVM will write onto an incorrect page.  The
write is done byusing kmap atomic to get a pointer to the page for the time
structure and then performing a memcpy to that page starting at an offset
that the guest controls.  Well behaved guests always provide a 32-byte aligned
address, however a malicious guest could use this to corrupt host kernel
memory.

Tested: Tested against kvmclock unit test.

Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
arch/x86/kvm/x86.c diff | blob | history
Linux Kernel Source Tree.