xen/xsa106.patch
Charles Arnold 4cdbb395f2

- bnc#897614 - Virtualization/xen: Bug xen-tools uninstallable;
  grub2-x86_64-xen dependency not available
  xen.spec

- More cleanup of README.SUSE

- Update xen patch with upstream patch so that latest libvirt
  patch can work. (bnc#896044)
  + 53fcebab-xen-pass-kernel-initrd-to-qemu.patch
  - xen-pass-kernel-initrd-to-qemu.patch

- bnc#895804 - VUL-0: CVE-2014-6268: xen: XSA-107: Mishandling of
  uninitialised FIFO-based event channel control blocks
  xsa107.patch
- bnc#895802 - VUL-0: xen: XSA-106: Missing privilege level checks
  in x86 emulation of software interrupts
  xsa106.patch
- bnc#895799 - VUL-0: xen: XSA-105: Missing privilege level checks
  in x86 HLT, LGDT, LIDT, and LMSW emulation
  xsa105.patch
- bnc#895798 - VUL-0: xen: XSA-104: Race condition in
  HVMOP_track_dirty_vram
  xsa104.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=331
2014-09-23 17:00:56 +00:00


x86emul: only emulate software interrupt injection for real mode

Protected mode emulation currently lacks proper privilege checking of
the referenced IDT entry, and there's currently no legitimate way for
any of the respective instructions to reach the emulator when the guest
is in protected mode.

This is XSA-106.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -2634,6 +2634,7 @@ x86_emulate(
case 0xcd: /* int imm8 */
src.val = insn_fetch_type(uint8_t);
swint:
+ fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */
fail_if(ops->inject_sw_interrupt == NULL);
rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip,
ctxt) ? : X86EMUL_EXCEPTION;
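
Review bot: the added `fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */` under `swint:` carries only the advisory number as its comment, so the actual reason for the restriction lives solely in the commit message. Suggest a comment stating that protected-mode injection is refused because the privilege level of the referenced IDT entry is not checked, so that whoever later adds that check knows this is the line to relax. Placing the check at the `swint:` label rather than inside `case 0xcd` is the right spot, since it then covers every path that jumps to the label and sits ahead of the `ops->inject_sw_interrupt` call. It is also worth confirming how callers handle the emulation failure this now produces for a protected-mode guest, given the message's statement that these instructions have no legitimate way to reach the emulator in that mode.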