Skip to content
Commit c300aa64 authored by Andy Honig's avatar Andy Honig Committed by Marcelo Tosatti
Browse files

KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796)



If the guest sets the GPA of the time_page so that the request to update the
time straddles a page then KVM will write onto an incorrect page.  The
write is done byusing kmap atomic to get a pointer to the page for the time
structure and then performing a memcpy to that page starting at an offset
that the guest controls.  Well behaved guests always provide a 32-byte aligned
address, however a malicious guest could use this to corrupt host kernel
memory.

Tested: Tested against kvmclock unit test.

Signed-off-by: default avatarAndrew Honig <ahonig@google.com>
Signed-off-by: default avatarMarcelo Tosatti <mtosatti@redhat.com>
parent c09664bb
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment