author | Josh Boyer <jwboyer@fedoraproject.org> | 2015-06-12 10:15:55 -0400 |
---|---|---|
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2015-06-12 10:15:55 -0400 |
commit | 6adde40b1c08a66fca3c5054edce1c230e4c1e45 (patch) | |
tree | e533ea3daee188ee82b20fe1bcc1cb140db317b6 | |
parent | a41a1e3b763c1fa13079b167351c871f345a18ca (diff) | |
CVE-2015-XXXX kvm: NULL ptr deref in kvm_apic_has_events (rhbz 1230770 1230774)
-rw-r--r-- | kernel.spec | 9 | ||||
-rw-r--r-- | kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch | 25 |
2 files changed, 34 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec
index cc4838287..cca7ae939 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -618,6 +618,9 @@ Patch26221: drm-i915-turn-off-wc-mmaps.patch
 #rhbz 1223051
 Patch26230: Input-synaptics-add-min-max-quirk-for-Lenovo-S540.patch
+# CVE-2015-XXXX rhbz 1230770 1230774
+Patch26231: kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch
+
 # END OF PATCH DEFINITIONS
 %endif
@@ -1354,6 +1357,9 @@ ApplyPatch drm-i915-turn-off-wc-mmaps.patch
 #rhbz 1223051
 ApplyPatch Input-synaptics-add-min-max-quirk-for-Lenovo-S540.patch
+# CVE-2015-XXXX rhbz 1230770 1230774
+ApplyPatch kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch
+
 # END OF PATCH APPLICATIONS
 %endif
@@ -2218,6 +2224,9 @@ fi
 #
 #
 %changelog
+* Fri Jun 12 2015 Josh Boyer <jwboyer@fedoraproject.org>
+- CVE-2015-XXXX kvm: NULL ptr deref in kvm_apic_has_events (rhbz 1230770 1230774)
+
 * Tue Jun 09 2015 Josh Boyer <jwboyer@fedoraproject.org>
 - Fix touchpad for Thinkpad S540 (rhbz 1223051)
diff --git a/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch b/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch
new file mode 100644
index 000000000..d060b5f24
--- /dev/null
+++ b/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch
@@ -0,0 +1,25 @@
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 4 Jun 2015 10:18:22 +0200
+Subject: [PATCH] kvm: x86: fix kvm_apic_has_events to check for NULL pointer
+
+Malicious (or egregiously buggy) userspace can trigger it, but it
+should never happen in normal operation.
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ arch/x86/kvm/lapic.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
+index 9d28383fc1e7..c4ea87eedf8a 100644
+--- a/arch/x86/kvm/lapic.h
++++ b/arch/x86/kvm/lapic.h
+@@ -150,7 +150,7 @@ static inline bool kvm_apic_vid_enabled(struct kvm *kvm)
+
+ static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu)
+ {
+- return vcpu->arch.apic->pending_events;
++ return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;
+ }
+
+ bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector); |
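Review bot: The patch header added in this file (From/Date/Subject/Signed-off-by) carries no upstream commit id or mailing-list reference, and kernel.spec tracks it only under the placeholder `CVE-2015-XXXX`, so it will be hard to tell later which upstream release makes this backport droppable. Adding an upstream reference line to the header and replacing the placeholder in the spec comments and changelog once an identifier is assigned would make the fix traceable. Separately, the new guard in kvm_apic_has_events() does not say why `vcpu->arch.apic` can be NULL; a short comment above the return, for example `/* apic may be NULL when userspace does not create an in-kernel LAPIC */` (to be confirmed against kvm_vcpu_has_lapic(), which is defined outside the hunk), would stop the check being removed as redundant. Whether other inline accessors in lapic.h dereference `vcpu->arch.apic` without the same guard cannot be judged from this hunk and is worth a quick audit.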