android_kernel_oneplus_msm8998/arch
Owen Hofmann 91e1f7b0eb kvm: x86: Check memopp before dereference (CVE-2016-8630)
commit d9092f52d7e61dd1557f2db2400ddb430e85937e upstream.

Commit 41061cdb98 ("KVM: emulate: do not initialize memopp") removes a
check for non-NULL under incorrect assumptions. An undefined instruction
with a ModR/M byte with Mod=0 and R/M=5 (e.g. 0xc7 0x15) will attempt
to dereference a null pointer here.

Fixes: 41061cdb98
Message-Id: <1477592752-126650-2-git-send-email-osh@google.com>
Signed-off-by: Owen Hofmann <osh@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-10 16:36:37 +01:00
alpha alpha: fix copy_from_user() 2016-09-24 10:07:45 +02:00
arc arc: don't leak bits of kernel stack into coredump 2016-10-28 03:01:32 -04:00
arm ARM: 8584/1: floppy: avoid gcc-6 warning 2016-11-10 16:36:36 +01:00
arm64 arm64: kernel: Init MDCR_EL2 even in the absence of a PMU 2016-10-28 03:01:35 -04:00
avr32 avr32: off by one in at32_init_pio() 2016-10-07 15:23:45 +02:00
blackfin net: smc91x: fix SMC accesses 2016-09-30 10:18:37 +02:00
c6x
cris cris: buggered copy_from_user/copy_to_user/clear_user 2016-09-24 10:07:44 +02:00
frv frv: fix clear_user() 2016-09-24 10:07:44 +02:00
h8300 h8300: fix syscall restarting 2016-11-10 16:36:32 +01:00
hexagon hexagon: fix strncpy_from_user() error return 2016-09-24 10:07:44 +02:00
ia64 ia64: copy_from_user() should zero the destination on access_ok() failure 2016-09-24 10:07:46 +02:00
m32r m32r: fix __get_user() 2016-09-24 10:07:43 +02:00
m68k m68k: Wire up mlock2 2015-11-22 11:35:26 +01:00
metag metag: Only define atomic_dec_if_positive conditionally 2016-10-28 03:01:31 -04:00
microblaze microblaze: fix copy_from_user() 2016-09-24 10:07:43 +02:00
mips KVM: MIPS: Make ERET handle ERL before EXL 2016-11-10 16:36:34 +01:00
mn10300 mn10300: copy_from_user() should zero on access_ok() failure... 2016-09-24 10:07:45 +02:00
nios2 nios2: copy_from_user() should zero the tail of destination 2016-09-24 10:07:45 +02:00
openrisc openrisc: fix the fix of copy_from_user() 2016-09-24 10:07:46 +02:00
parisc parisc: Ensure consistent state when switching to kernel stack at syscall entry 2016-11-10 16:36:34 +01:00
powerpc powerpc/ptrace: Fix out of bounds array access warning 2016-11-10 16:36:36 +01:00
s390 s390/mm: fix gmap tlb flush issues 2016-10-28 03:01:34 -04:00
score score: fix copy_from_user() and friends 2016-09-24 10:07:44 +02:00
sh sh: fix copy_from_user() 2016-09-24 10:07:44 +02:00
sparc sparc32: fix copy_from_user() 2016-09-24 10:07:45 +02:00
tile tile: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO 2016-10-07 15:23:44 +02:00
um um: Don't discard .text.exit section 2016-09-07 08:32:38 +02:00
unicore32 pwm: Changes for v4.4-rc1 2015-11-11 09:16:10 -08:00
x86 kvm: x86: Check memopp before dereference (CVE-2016-8630) 2016-11-10 16:36:37 +01:00
xtensa xtensa: clear all DBREAKC registers on start 2016-04-12 09:08:55 -07:00
.gitignore
Kconfig