Re: [Qemu-devel] [PATCH v5 14/24] openpic: avoid buffer overrun on incoming migration

2014-04-28 Thread Michael S. Tsirkin
On Thu, Apr 03, 2014 at 08:04:23PM +0200, Alexander Graf wrote:
> 
> On 03.04.2014, at 18:51, Michael S. Tsirkin wrote:
> 
> > From: Michael Roth
> > 
> > CVE-2013-4534
> > 
> > opp->nb_cpus is read from the wire and used to determine how many
> > IRQDest elements to read into opp->dst[]. If the

Re: [Qemu-devel] [PATCH v5 14/24] openpic: avoid buffer overrun on incoming migration

2014-04-03 Thread Alexander Graf
On 03.04.2014, at 18:51, Michael S. Tsirkin wrote:

> From: Michael Roth
> 
> CVE-2013-4534
> 
> opp->nb_cpus is read from the wire and used to determine how many
> IRQDest elements to read into opp->dst[]. If the value exceeds the
> length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with

[Qemu-devel] [PATCH v5 14/24] openpic: avoid buffer overrun on incoming migration

2014-04-03 Thread Michael S. Tsirkin
From: Michael Roth

CVE-2013-4534

opp->nb_cpus is read from the wire and used to determine how many IRQDest elements to read into opp->dst[]. If the value exceeds the length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with arbitrary data from the wire. Fix this by failing migration if the