projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 20077d0) | patch
x86/ucode/amd: Fix OoB read in cpu_request_microcode()
authorAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 9 Feb 2021 22:10:54 +0000 (22:10 +0000)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Wed, 10 Feb 2021 13:23:51 +0000 (13:23 +0000)
commit1cbc4d89c45cba3929f1c0cb4bca0b000c4f174b
treee7447cdfe22d608565bf5a638f625d6abaf2345dtree | snapshot
parent20077d035224c6f3b3eef8b111b8b842635f2c40commit | diff
x86/ucode/amd: Fix OoB read in cpu_request_microcode()

verify_patch_size() is a maximum size check, and doesn't have a minimum bound.

If the microcode container encodes a blob with a length less than 64 bytes,
the subsequent calls to microcode_fits()/compare_header() may read off the end
of the buffer.

Fixes: 4de936a38a ("x86/ucode/amd: Rework parsing logic in cpu_request_microcode()")
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
xen/arch/x86/cpu/microcode/amd.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.