Diffstat (limited to 'sysutils/xenkernel41/patches/patch-CVE-2014-7156')
-rw-r--r--sysutils/xenkernel41/patches/patch-CVE-2014-715625
1 files changed, 25 insertions, 0 deletions
diff --git a/sysutils/xenkernel41/patches/patch-CVE-2014-7156 b/sysutils/xenkernel41/patches/patch-CVE-2014-7156
new file mode 100644
index 00000000000..ca1b429af8f
--- /dev/null
+++ b/sysutils/xenkernel41/patches/patch-CVE-2014-7156
@@ -0,0 +1,25 @@
+$NetBSD: patch-CVE-2014-7156,v 1.1.2.2 2014/09/28 12:07:10 tron Exp $
+
+x86emul: only emulate software interrupt injection for real mode
+
+Protected mode emulation currently lacks proper privilege checking of
+the referenced IDT entry, and there's currently no legitimate way for
+any of the respective instructions to reach the emulator when the guest
+is in protected mode.
+
+This is XSA-106.
+
+Reported-by: Andrei LUTAS <vlutas@bitdefender.com>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Keir Fraser <keir@xen.org>
+
+--- xen/arch/x86/x86_emulate/x86_emulate.c.orig
++++ xen/arch/x86/x86_emulate/x86_emulate.c
+@@ -2634,6 +2634,7 @@ x86_emulate(
+ case 0xcd: /* int imm8 */
+ src.val = insn_fetch_type(uint8_t);
+ swint:
++ fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */
+ fail_if(ops->inject_sw_interrupt == NULL);
+ rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip,
+ ctxt) ? : X86EMUL_EXCEPTION;
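Review bot: The `/* XSA-106 */` tag on the added `fail_if(!in_realmode(ctxt, ops));` under `swint:` names the advisory but not the invariant it protects, so a later reader who adds protected-mode support could drop the guard without supplying the missing check. I would spell the reason out in the comment, e.g. `/* XSA-106: no IDT privilege check is done for protected mode, so only emulate in real mode */`. The guard sits on the shared `swint:` label, so it presumably covers every opcode that jumps there and not only `int imm8`; those other cases and the rest of `x86_emulate()` lie outside the hunk and should be confirmed against the full file. The diffstat shown is limited to this one patch file, so whether the package's `distinfo` checksums were updated alongside it cannot be seen here.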