Linux / linux / 433f4ba / KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)

Linux/linux 433f4ba — arch/x86/kvm cpuid.c

2019-12-04 11:14:41 UTC by Paolo Bonzini on ⎇

master

KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)

The bounds check was present in KVM_GET_SUPPORTED_CPUID but not
KVM_GET_EMULATED_CPUID.

Reported-by: syzbot+e3f4897236c4eeb8af4f at syzkaller.appspotmail.com
Fixes: 84cffe499b94 ("kvm: Emulate MOVBE", 2013-10-29)
Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>

Delta		File
+4	-1	arch/x86/kvm/cpuid.c
+4	-1	1 files

Unified Split Raw