www.infradead.org Git - users/jedix/linux-maple.git/commit
KVM: Fix buffer overflow in kvm_set_irq()
author Avi Kivity <avi@redhat.com>
Sun, 22 Apr 2012 14:02:11 +0000 (17:02 +0300)
committer Maxim Uvarov <maxim.uvarov@oracle.com>
Tue, 19 Jun 2012 10:55:19 +0000 (03:55 -0700)
commit 69e68cbe25beb16336e2611e4091098dbbe9a518
tree 4836208c65af04dd46992456d520ffb7392167e0
parent 41db6ec59cc5e5c74ecebb6e2a45f5389502ea39

Bugdb: 13966
kvm_set_irq() has an internal buffer of three irq routing entries, allowing
connecting a GSI to three IRQ chips or one MSI.  However, setup_routing_entry()
does not properly enforce this, allowing three irqchip routes followed by
an MSI route to overflow the buffer.

Fix by ensuring that an MSI entry is added to an empty list.
This fixes: CVE-2012-2137
Signed-off-by: Avi Kivity <avi@redhat.com>
virt/kvm/irq_comm.c
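
A user-space model of the validation gap the commit message describes, added here as an example; it is not the kernel's code and not part of this commit. The type and function names, the "one route per irqchip" and "nothing follows an MSI route" rules, and the model list capacity are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define IRQ_BUF_ENTRIES 3  /* kvm_set_irq()'s internal buffer size, per the commit message */
#define MODEL_LIST_CAP  8  /* model-only capacity, so the unfixed path stays in bounds here */

enum route_type { ROUTE_IRQCHIP, ROUTE_MSI };
struct route { enum route_type type; int irqchip; };     /* hypothetical model types */
struct gsi_routes { struct route e[MODEL_LIST_CAP]; size_t n; };

/* Model of the per-GSI validation; `fixed` selects the rule the commit adds. */
static bool add_route(struct gsi_routes *g, struct route nr, bool fixed)
{
    /* The fix: an MSI route is accepted only onto an empty list. */
    if (fixed && nr.type == ROUTE_MSI && g->n > 0)
        return false;
    for (size_t i = 0; i < g->n; i++) {
        if (g->e[i].type == ROUTE_MSI)   /* assumed rule: nothing follows an MSI route */
            return false;
        if (nr.type == ROUTE_IRQCHIP && g->e[i].irqchip == nr.irqchip)
            return false;                /* assumed rule: one route per irqchip */
    }
    if (g->n == MODEL_LIST_CAP)
        return false;
    g->e[g->n++] = nr;
    return true;
}

/* List length for one GSI after three irqchip routes followed by one MSI route. */
static size_t routes_after_sequence(bool fixed)
{
    struct gsi_routes g = { .n = 0 };
    for (int chip = 0; chip < 3; chip++)
        add_route(&g, (struct route){ ROUTE_IRQCHIP, chip }, fixed);
    add_route(&g, (struct route){ ROUTE_MSI, -1 }, fixed);
    return g.n;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        size_t n = routes_after_sequence(fixed);
        printf("%s check: %zu routes, buffer holds %d -> %s\n",
               fixed ? "fixed" : "original", n, IRQ_BUF_ENTRIES,
               n > IRQ_BUF_ENTRIES ? "overflow" : "fits");
    }
    return 0;
}
```

With the original check the list for one GSI reaches four entries, one more than the three-entry buffer; with the added rule it cannot exceed three.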