x86/mm: PV superpage handling lacks sanity checks
author Jan Beulich <jbeulich@suse.com>
Wed, 20 Jan 2016 12:49:23 +0000 (13:49 +0100)
committer Jan Beulich <jbeulich@suse.com>
Wed, 20 Jan 2016 12:49:23 +0000 (13:49 +0100)
commit 47abf29a9255b2e7b94e56d66b455d0a584b68b8
tree d6e9982e834d5eaa028b0717c849dd069dc9e98b
parent 1949868d640427dc91bfb23741d78eb1d86841c8
x86/mm: PV superpage handling lacks sanity checks

MMUEXT_{,UN}MARK_SUPER fail to check the input MFN for validity before
dereferencing pointers into the superpage frame table.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
get_superpage() has a similar issue.

This is CVE-2016-1570 / XSA-167.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arch/x86/mm.c