1ba4b2310d
-Information leak on AVX and/or LWP capable CPUs (CVE-2013-1442 / XSA-62) -Information leaks through I/O instruction emulation (CVE-2013-4355 / XSA-63) -Information leak through fbld instruction emulation (CVE-2013-4361 / XSA-66) bump PKGREV
24 lines
836 B
Text
24 lines
836 B
Text
$NetBSD: patch-CVE-2013-4355_4,v 1.1 2013/10/01 14:54:44 drochner Exp $
|
|
|
|
--- xen/arch/x86/hvm/vmx/realmode.c.orig 2013-09-10 06:42:18.000000000 +0000
|
|
+++ xen/arch/x86/hvm/vmx/realmode.c 2013-09-30 15:23:07.000000000 +0000
|
|
@@ -38,7 +38,9 @@ static void realmode_deliver_exception(
|
|
|
|
again:
|
|
last_byte = (vector * 4) + 3;
|
|
- if ( idtr->limit < last_byte )
|
|
+ if ( idtr->limit < last_byte ||
|
|
+ hvm_copy_from_guest_phys(&cs_eip, idtr->base + vector * 4, 4) !=
|
|
+ HVMCOPY_okay )
|
|
{
|
|
/* Software interrupt? */
|
|
if ( insn_len != 0 )
|
|
@@ -63,8 +65,6 @@ static void realmode_deliver_exception(
|
|
}
|
|
}
|
|
|
|
- (void)hvm_copy_from_guest_phys(&cs_eip, idtr->base + vector * 4, 4);
|
|
-
|
|
frame[0] = regs->eip + insn_len;
|
|
frame[1] = csr->sel;
|
|
frame[2] = regs->eflags & ~X86_EFLAGS_RF;
|