metalefty/fedora-kernel
1
0
Fork 0
Code Issues Pull Requests Releases Activity

CVE-2015-XXXX kvm: NULL ptr deref in kvm_apic_has_events (rhbz 1230770 1230774)

Browse Source
This commit is contained in:
Josh Boyer 2015-06-12 10:15:55 -04:00
parent a41a1e3b76
commit 6adde40b1c
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
kernel.spec
View File

@ -618,6 +618,9 @@ Patch26221: drm-i915-turn-off-wc-mmaps.patch
#rhbz 1223051
Patch26230: Input-synaptics-add-min-max-quirk-for-Lenovo-S540.patch
# CVE-2015-XXXX rhbz 1230770 1230774
Patch26231: kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch
# END OF PATCH DEFINITIONS
%endif
@ -1354,6 +1357,9 @@ ApplyPatch drm-i915-turn-off-wc-mmaps.patch
#rhbz 1223051
ApplyPatch Input-synaptics-add-min-max-quirk-for-Lenovo-S540.patch
# CVE-2015-XXXX rhbz 1230770 1230774
ApplyPatch kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch
# END OF PATCH APPLICATIONS
%endif
@ -2218,6 +2224,9 @@ fi
#
#
%changelog
* Fri Jun 12 2015 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2015-XXXX kvm: NULL ptr deref in kvm_apic_has_events (rhbz 1230770 1230774)
* Tue Jun 09 2015 Josh Boyer <jwboyer@fedoraproject.org>
- Fix touchpad for Thinkpad S540 (rhbz 1223051)

25
kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch Normal file
View File

@ -0,0 +1,25 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 4 Jun 2015 10:18:22 +0200
Subject: [PATCH] kvm: x86: fix kvm_apic_has_events to check for NULL pointer
Malicious (or egregiously buggy) userspace can trigger it, but it
should never happen in normal operation.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/lapic.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index 9d28383fc1e7..c4ea87eedf8a 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -150,7 +150,7 @@ static inline bool kvm_apic_vid_enabled(struct kvm *kvm)
static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu)
{
- return vcpu->arch.apic->pending_events;
+ return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;
}
bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector);