NAK: [SRU][Eoan][CVE-2019-14821][PATCH] KVM: coalesced_mmio: add bounds checking

Seth Forshee seth.forshee at canonical.com
Fri Sep 27 13:01:07 UTC 2019


On Tue, Sep 24, 2019 at 09:47:10AM +0200, Juerg Haefliger wrote:
> From: Matt Delco <delco at chromium.org>
> 
> The first/last indexes are typically shared with a user app.
> The app can change the 'last' index that the kernel uses
> to store the next result.  This change sanity checks the index
> before using it for writing to a potentially arbitrary address.
> 
> This fixes CVE-2019-14821.
> 
> Cc: stable at vger.kernel.org
> Fixes: 5f94c1741bdc ("KVM: Add coalesced MMIO support (common part)")
> Signed-off-by: Matt Delco <delco at chromium.org>
> Signed-off-by: Jim Mattson <jmattson at google.com>
> Reported-by: syzbot+983c866c3dd6efa3662a at syzkaller.appspotmail.com
> [Use READ_ONCE. - Paolo]
> Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
> 
> CVE-2019-14821
> 
> (cherry picked from commit b60fe990c6b07ef6d4df67bc0530c7c90a62623a)
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>

This patch was included in the 5.3.1 stable update, which has already
been applied to eoan. Thanks!
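
The kind of check the quoted commit message describes, as an added example that is not part of the original thread and is not the kernel's code. It is a simplified user-space model: `struct shared_ring`, `ring_push` and `RING_MAX` are hypothetical names, the capacity is constructed, and a `volatile` read into a local stands in for `READ_ONCE`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_MAX 8u  /* constructed capacity, not the kernel's value */

struct entry { uint64_t addr; uint32_t len; uint8_t data[8]; };

/* Ring mapped into both the producer and an untrusted consumer. */
struct shared_ring {
    volatile uint32_t first;  /* advanced by the consumer */
    volatile uint32_t last;   /* advanced by the producer, writable by the consumer */
    struct entry slots[RING_MAX];
};

/* Returns 0 on success, -1 if the index is out of range, the ring is
 * full, or the payload does not fit in a slot. */
int ring_push(struct shared_ring *r, uint64_t addr, const void *buf, uint32_t len)
{
    /* Snapshot the shared index once, so the value that is checked is
     * the value that is used even if the other side rewrites it. */
    uint32_t insert = r->last;

    if (insert >= RING_MAX)                /* untrusted index: bounds check */
        return -1;
    if ((insert + 1) % RING_MAX == r->first)   /* no free slot */
        return -1;
    if (len > sizeof r->slots[0].data)
        return -1;

    struct entry *e = &r->slots[insert];
    e->addr = addr;
    e->len = len;
    memcpy(e->data, buf, len);
    r->last = (insert + 1) % RING_MAX;     /* publish from the checked value */
    return 0;
}

int main(void)
{
    struct shared_ring r = {0};
    uint8_t payload[4] = {1, 2, 3, 4};     /* constructed sample write */

    printf("normal push: %d\n", ring_push(&r, 0x1000, payload, 4));
    r.last = 1000;                         /* consumer tampers with the index */
    printf("tampered push: %d\n", ring_push(&r, 0x1000, payload, 4));
    return 0;
}
```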


