diff options
Diffstat (limited to 'CVE-2017-11473.patch')
-rw-r--r-- | CVE-2017-11473.patch | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/CVE-2017-11473.patch b/CVE-2017-11473.patch deleted file mode 100644 index e3e0658a4..000000000 --- a/CVE-2017-11473.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 70ac67826602edf8c0ccb413e5ba7eacf597a60c Mon Sep 17 00:00:00 2001 -From: Seunghun Han <kkamagui@gmail.com> -Date: Tue, 18 Jul 2017 20:03:51 +0900 -Subject: x86/acpi: Prevent out of bound access caused by broken ACPI tables - -The bus_irq argument of mp_override_legacy_irq() is used as the index into -the isa_irq_to_gsi[] array. The bus_irq argument originates from -ACPI_MADT_TYPE_IO_APIC and ACPI_MADT_TYPE_INTERRUPT items in the ACPI -tables, but is nowhere sanity checked. - -That allows broken or malicious ACPI tables to overwrite memory, which -might cause malfunction, panic or arbitrary code execution. - -Add a sanity check and emit a warning when that triggers. - -[ tglx: Added warning and rewrote changelog ] - -Signed-off-by: Seunghun Han <kkamagui@gmail.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: security@kernel.org -Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net> -Cc: stable@vger.kernel.org ---- - arch/x86/kernel/acpi/boot.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c -index 6bb6806..7491e73 100644 ---- a/arch/x86/kernel/acpi/boot.c -+++ b/arch/x86/kernel/acpi/boot.c -@@ -347,6 +347,14 @@ static void __init mp_override_legacy_irq(u8 bus_irq, u8 polarity, u8 trigger, - struct mpc_intsrc mp_irq; - - /* -+ * Check bus_irq boundary. -+ */ -+ if (bus_irq >= NR_IRQS_LEGACY) { -+ pr_warn("Invalid bus_irq %u for legacy override\n", bus_irq); -+ return; -+ } -+ -+ /* - * Convert 'gsi' to 'ioapic.pin'. - */ - ioapic = mp_find_ioapic(gsi); --- -cgit v1.1 - |