| commit | ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb | |
| author | Prasad J Pandit <pjp@fedoraproject.org> | |
| Thu, 7 Sep 2017 06:32:56 +0000 (7 12:02 +0530) | ||
| committer | Paolo Bonzini <pbonzini@redhat.com> | |
| Tue, 19 Sep 2017 12:09:33 +0000 (19 14:09 +0200) | ||
| tree | 35e7cad7148de76b5a352782471920844ef5fa93 | treesnapshot (tar.gz zip) |
| parent | 80cac47e951f2d94e7f7b9b112612acb2af9c3ca | commitdiff |
multiboot: validate multiboot header address values
While loading kernel via multiboot-v1 image, (flags & 0x00010000)
indicates that multiboot header contains valid addresses to load
the kernel image. These addresses are used to compute kernel
size and kernel text offset in the OS image. Validate these
address values to avoid an OOB access issue.
This is CVE-2017-14167.
Reported-by: Thomas Garnier <thgarnie@google.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20170907063256.7418-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
While loading kernel via multiboot-v1 image, (flags & 0x00010000)
indicates that multiboot header contains valid addresses to load
the kernel image. These addresses are used to compute kernel
size and kernel text offset in the OS image. Validate these
address values to avoid an OOB access issue.
This is CVE-2017-14167.
Reported-by: Thomas Garnier <thgarnie@google.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20170907063256.7418-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| hw/i386/multiboot.c | diffblobblamehistory |