|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging-4.17] x86/viridian: Enforce bounds check in vpmask_set()
commit 17bfa36a41c82af904fba99f120ddacc862f4b1f
Author: Teddy Astie <teddy.astie@xxxxxxxxxx>
AuthorDate: Tue Oct 21 15:31:25 2025 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Oct 21 15:31:25 2025 +0200
x86/viridian: Enforce bounds check in vpmask_set()
Callers can pass vp/mask values which exceed the size of vpmask->mask.
Ensure
we only set bits which are within bounds.
This is XSA-475 / CVE-2025-58147.
Fixes: b4124682db6e ("viridian: add ExProcessorMasks variants of the flush
hypercalls")
Signed-off-by: Teddy Astie <teddy.astie@xxxxxxxxxx>
Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
master commit: 36e90c4ef1f2667dc8159c634fb00d393fc2d857
master date: 2025-10-21 14:09:37 +0200
---
xen/arch/x86/hvm/viridian/viridian.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/hvm/viridian/viridian.c
b/xen/arch/x86/hvm/viridian/viridian.c
index 372a749ab9..034f64b809 100644
--- a/xen/arch/x86/hvm/viridian/viridian.c
+++ b/xen/arch/x86/hvm/viridian/viridian.c
@@ -562,7 +562,8 @@ static void vpmask_set(struct hypercall_vpmask *vpmask,
unsigned int vp,
if ( mask & 1 )
{
- ASSERT(vp < HVM_MAX_VCPUS);
+ if ( vp >= HVM_MAX_VCPUS )
+ break;
__set_bit(vp, vpmask->mask);
}
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.17
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |