aboutsummaryrefslogtreecommitdiffstats
path: root/tools/blktap2/drivers/hashtable_utility.c
diff options
context:
space:
mode:
authorMatthew Daley <mattjd@gmail.com>2013-10-10 15:22:55 +0200
committerJan Beulich <jbeulich@suse.com>2013-10-10 15:22:55 +0200
commit889f547790953d30cd88a465aac5954e5f407e53 (patch)
tree3c7ae574ee5c5f32126451b48b41729e6ee8e822 /tools/blktap2/drivers/hashtable_utility.c
parentb267a5a2cae14c97ab9198336f1529e7e48fad22 (diff)
downloadxen-889f547790953d30cd88a465aac5954e5f407e53.tar.gz
xen-889f547790953d30cd88a465aac5954e5f407e53.tar.bz2
xen-889f547790953d30cd88a465aac5954e5f407e53.zip
x86: check segment descriptor read result in 64-bit OUTS emulation
When emulating such an operation from a 64-bit context (CS has long mode set), and the data segment is overridden to FS/GS, the result of reading the overridden segment's descriptor (read_descriptor) is not checked. If it fails, data_base is left uninitialized. This can lead to 8 bytes of Xen's stack being leaked to the guest (implicitly, i.e. via the address given in a #PF). Coverity-ID: 1055116 This is CVE-2013-4368 / XSA-67. Signed-off-by: Matthew Daley <mattjd@gmail.com> Fix formatting. Signed-off-by: Jan Beulich <jbeulich@suse.com> master commit: 0771faba163769089c9f05f7f76b63e397677613 master date: 2013-10-10 15:19:53 +0200
Diffstat (limited to 'tools/blktap2/drivers/hashtable_utility.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-09 15:07:37 +0000