path: root/sysutils/xenkernel41/patches/patch-CVE-2015-2151
blob: 9334467e331a4c6f5475d2852e21c2bfd7c59740 (plain)
$NetBSD: patch-CVE-2015-2151,v 1.1 2015/03/10 20:27:16 spz Exp $

xsa123-4.3-4.2.patch from upstream:
x86emul: fully ignore segment override for register-only operations

For ModRM encoded instructions with register operands we must not
overwrite ea.mem.seg (if a - bogus in that case - segment override was
present) as it aliases with ea.reg.

This is CVE-2015-2151 / XSA-123.

--- xen/arch/x86/x86_emulate/x86_emulate.c.orig	2015-03-10 20:10:23.000000000 +0000
+++ xen/arch/x86/x86_emulate/x86_emulate.c
@@ -1462,7 +1462,7 @@ x86_emulate(
         }
     }
 
-    if ( override_seg != -1 )
+    if ( override_seg != -1 && ea.type == OP_MEM )
         ea.mem.seg = override_seg;
 
     /* Decode and fetch the source operand: register, memory or immediate. */
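Review bot: The new `ea.type == OP_MEM` guard has no comment at the site, so the reason a segment override must be skipped for register operands lives only in the patch description. That description says `ea.mem.seg` aliases `ea.reg`, so an unconditional write here would overwrite the decoded register operand of the emulated instruction. I would put a comment directly above the `if`, for example `/* ea.mem.seg aliases ea.reg: apply the override to memory operands only (XSA-123). */`, so a later cleanup does not drop the check as redundant. The body of x86_emulate() starts and ends outside this hunk, so whether other assignments to `ea.mem.seg` are gated on the operand type in the same way cannot be confirmed from here and is worth checking.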