On 08.10.2025 16:05, Jan Beulich wrote:
> On 08.10.2025 15:04, Andrew Cooper wrote:
>> I'm afraid this introduces a vulnerability.
>>
>> APIC_LVR is a toolstack-provided value. Nothing bounds checks the
>> MAX_LVT value in it AFAICT, and previously this did not matter (from a
>> security point of view at least) because the loop bounds were constant.
>
> Oh, right, I should have thought of that. As you don't suggest anything,
> I'm going to simply add a check that the incoming value matches the one
> that's there already.

Actually - no, that won't fly. We just need to bounds-check MAXLVT.

Jan
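
The bounds check discussed in this thread, sketched as an added example; it is not code from the patch or from Xen. The struct, the array size `NR_LVT`, the function names and the sample register values are hypothetical; the only hardware facts assumed are that the Max LVT Entry field sits in bits 23:16 of the APIC version register and that bit 16 of an LVT entry is its mask bit.

```c
#include <errno.h>
#include <stdint.h>

#define NR_LVT 6u  /* hypothetical: LVT slots this model stores */
#define LVT_COUNT(lvr) ((((lvr) >> 16) & 0xffu) + 1)  /* Max LVT Entry (bits 23:16) + 1 */

struct vlapic_model {  /* hypothetical, not Xen's struct vlapic */
    uint32_t lvr;
    uint32_t lvt[NR_LVT];
};

/* Load externally supplied state; reject a MAXLVT the array cannot hold,
 * so later loops bounded by the stored register stay inside lvt[]. */
static int load_state(struct vlapic_model *m, uint32_t lvr,
                      const uint32_t *lvt, unsigned int n)
{
    unsigned int i, count = LVT_COUNT(lvr);

    if (count > NR_LVT || n < count)
        return -EINVAL;

    m->lvr = lvr;
    for (i = 0; i < count; i++)
        m->lvt[i] = lvt[i];
    return 0;
}

/* Consumer whose loop bound comes from the stored register value. */
static unsigned int count_masked(const struct vlapic_model *m)
{
    unsigned int i, masked = 0;

    for (i = 0; i < LVT_COUNT(m->lvr); i++)
        masked += (m->lvt[i] >> 16) & 1;  /* LVT mask bit is bit 16 */
    return masked;
}

/* Constructed input: all entries masked; returns masked count or -EINVAL. */
static int demo(uint32_t lvr)
{
    static const uint32_t lvt[NR_LVT] = {
        0x10000, 0x10000, 0x10000, 0x10000, 0x10000, 0x10000 };
    struct vlapic_model m = { 0 };
    int rc = load_state(&m, lvr, lvt, NR_LVT);

    return rc ? rc : (int)count_masked(&m);
}

int main(void) { return demo(0x00050014) == 6 ? 0 : 1; }  /* constructed value */
```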
