reverse-24757-use-grant-references.patch - fate#313222 - xenstore-chmod should support 256 permissions 26189-xenstore-chmod.patch - bnc#789945 - VUL-0: CVE-2012-5510: xen: Grant table version switch list corruption vulnerability (XSA-26) CVE-2012-5510-xsa26.patch - bnc#789944 - VUL-0: CVE-2012-5511: xen: Several HVM operations do not validate the range of their inputs (XSA-27) CVE-2012-5511-xsa27.patch - bnc#789951 - VUL-0: CVE-2012-5513: xen: XENMEM_exchange may overwrite hypervisor memory (XSA-29) CVE-2012-5513-xsa29.patch - bnc#789948 - VUL-0: CVE-2012-5514: xen: Missing unlock in guest_physmap_mark_populate_on_demand() (XSA-30) CVE-2012-5514-xsa30.patch - bnc#789950 - VUL-0: CVE-2012-5515: xen: Several memory hypercall operations allow invalid extent order values (XSA-31) CVE-2012-5515-xsa31.patch - bnc#789952 - VUL-0: CVE-2012-5525: xen: Several hypercalls do not validate input GFNs (XSA-32) CVE-2012-5525-xsa32.patch - Upstream patches from Jan 26129-ACPI-BGRT-invalidate.patch 26132-tmem-save-NULL-check.patch 26134-x86-shadow-invlpg-check.patch 26139-cpumap-masking.patch 26148-vcpu-timer-overflow.patch (Replaces CVE-2012-4535-xsa20.patch) OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=219
23 lines
569 B
Diff
23 lines
569 B
Diff
References: CVE-2012-5525 XSA-32 bnc#789952
|
|
|
|
x86: get_page_from_gfn() must return NULL for invalid GFNs
|
|
|
|
... also in the non-translated case.
|
|
|
|
This is XSA-32 / CVE-2012-5525.
|
|
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
Acked-by: Tim Deegan <tim@xen.org>
|
|
|
|
--- a/xen/include/asm-x86/p2m.h
|
|
+++ b/xen/include/asm-x86/p2m.h
|
|
@@ -400,7 +400,7 @@ static inline struct page_info *get_page
|
|
if (t)
|
|
*t = p2m_ram_rw;
|
|
page = __mfn_to_page(gfn);
|
|
- return get_page(page, d) ? page : NULL;
|
|
+ return mfn_valid(gfn) && get_page(page, d) ? page : NULL;
|
|
}
|
|
|
|
|