Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 943043 Details for
Bug 1148422
CVE-2014-7188 - Improper MSR range used for x2APIC emulation
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
XSA-108 patch from Xen community
xsa108.patch (text/plain), 1.39 KB, created by
Major Hayden ðŸ¤
on 2014-10-01 12:34:30 UTC
(
hide
)
Description:
XSA-108 patch from Xen community
Filename:
MIME Type:
Creator:
Major Hayden ðŸ¤
Created:
2014-10-01 12:34:30 UTC
Size:
1.39 KB
patch
obsolete
>x86/HVM: properly bound x2APIC MSR range > >While the write path change appears to be purely cosmetic (but still >gets done here for consistency), the read side mistake permitted >accesses beyond the virtual APIC page. > >Note that while this isn't fully in line with the specification >(digesting MSRs 0x800-0xBFF for the x2APIC), this is the minimal >possible fix addressing the security issue and getting x2APIC related >code into a consistent shape (elsewhere a 256 rather than 1024 wide >window is being used too). This will be dealt with subsequently. > >This is XSA-108. > >Signed-off-by: Jan Beulich <jbeulich@suse.com> > >--- a/xen/arch/x86/hvm/hvm.c >+++ b/xen/arch/x86/hvm/hvm.c >@@ -4380,7 +4380,7 @@ int hvm_msr_read_intercept(unsigned int > *msr_content = vcpu_vlapic(v)->hw.apic_base_msr; > break; > >- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff: >+ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff: > if ( hvm_x2apic_msr_read(v, msr, msr_content) ) > goto gp_fault; > break; >@@ -4506,7 +4506,7 @@ int hvm_msr_write_intercept(unsigned int > vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content); > break; > >- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff: >+ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff: > if ( hvm_x2apic_msr_write(v, msr, msr_content) ) > goto gp_fault; > break;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 1148422
: 943043