kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix out-of-bounds memory read access in x2APIC emulation (HVM only)

Browse source 
(CVE-2014-7188)
bump PKGREV
This commit is contained in:
drochner 2014-10-01 17:18:22 +00:00
parent ce166b9934
commit 0fb0f38b27
3 changed files with 27 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sysutils/xenkernel41/Makefile
View file

@ -1,9 +1,9 @@
# $NetBSD: Makefile,v 1.39 2014/09/26 10:45:00 bouyer Exp $
# $NetBSD: Makefile,v 1.40 2014/10/01 17:18:22 drochner Exp $
VERSION= 4.1.6.1
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel41-${VERSION}
PKGREVISION= 11
PKGREVISION= 12
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/

4
sysutils/xenkernel41/distinfo
View file

@ -1,10 +1,10 @@
$NetBSD: distinfo,v 1.30 2014/09/26 10:45:00 bouyer Exp $
$NetBSD: distinfo,v 1.31 2014/10/01 17:18:22 drochner Exp $
SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
Size (xen-4.1.6.1.tar.gz) = 10428485 bytes
SHA1 (patch-CVE-2013-1442) = 7aa43513ea7cddc50b4e6802412cfc2903cce8e1
SHA1 (patch-CVE-2013-4355_1) = 99068aa658fc231fe6c6c77bf61d68405318aaa8
SHA1 (patch-CVE-2013-4355_1) = 56dde995d7df4f18576040007fd5532de61d9069
SHA1 (patch-CVE-2013-4355_2) = 70fd2f2e45a05a53d8ce7d0bd72b18165dd13509
SHA1 (patch-CVE-2013-4355_3) = 93f7bf877945e585fb906dbfc8159e688813c12f
SHA1 (patch-CVE-2013-4355_4) = 88f478997d2631ec41adfd42a9d79f2d87bb44d8

25
sysutils/xenkernel41/patches/patch-CVE-2013-4355_1
View file

@ -1,4 +1,4 @@
$NetBSD: patch-CVE-2013-4355_1,v 1.4 2014/05/05 13:39:10 drochner Exp $
$NetBSD: patch-CVE-2013-4355_1,v 1.5 2014/10/01 17:18:22 drochner Exp $
http://lists.xenproject.org/archives/html/xen-devel/2013-09/msg03160.html
also fixes
@ -10,9 +10,12 @@ http://lists.xenproject.org/archives/html/xen-devel/2014-03/msg03177.html
also fixes
http://lists.xenproject.org/archives/html/xen-devel/2014-04/msg03853.html
(CVE-2014-3124)
also fixes
http://lists.xenproject.org/archives/html/xen-devel/2014-10/msg00065.html
(CVE-2014-7188)
--- xen/arch/x86/hvm/hvm.c.orig 2013-09-10 06:42:18.000000000 +0000
+++ xen/arch/x86/hvm/hvm.c 2014-04-30 13:11:30.000000000 +0000
+++ xen/arch/x86/hvm/hvm.c 2014-10-01 16:40:48.000000000 +0000
@@ -1961,11 +1961,7 @@ void hvm_task_switch(
rc = hvm_copy_from_guest_virt(
@ -45,6 +48,24 @@ http://lists.xenproject.org/archives/html/xen-devel/2014-04/msg03853.html
goto out;
@@ -2409,7 +2403,7 @@ int hvm_msr_read_intercept(unsigned int
*msr_content = vcpu_vlapic(v)->hw.apic_base_msr;
break;
- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
+ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
if ( hvm_x2apic_msr_read(v, msr, msr_content) )
goto gp_fault;
break;
@@ -2529,7 +2523,7 @@ int hvm_msr_write_intercept(unsigned int
vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content);
break;
- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
+ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
if ( hvm_x2apic_msr_write(v, msr, msr_content) )
goto gp_fault;
break;
@@ -2834,7 +2828,7 @@ int hvm_do_hypercall(struct cpu_user_reg
case 4:
case 2: