On Sun, Apr 14, 2013 at 07:17:22PM -0700, Greg KH wrote: > On Mon, Apr 15, 2013 at 03:12:24AM +0100, Ben Hutchings wrote: > > Brad Spengler pointed out that some KVM security fixes are missing from > > the 3.2 branches. Three recent commits were marked as such: > > > > c300aa64ddf5 KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) > > 0b79459b482e KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) > > a2c118bfab8b KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) > > > > The first and third of these can be cherry-picked cleanly onto 3.2.y, > > while the second required backporting; I've attached my backported > > version of that. The result passed the kvmclock unit tests, but the > > apic unit tests failed on my test system (running Debian unstable): > > > > qemu: hardware error: isa irq 16 invalid > > > > However this is not a regression and is presumably a bug in QEMU, not > > the kernel code. > > > > All these changes are already present in Debian's 3.2-based kernel > > package and I don't think we've had any reports of regressions. > > > > These fixes are also needed for all other 3.x.y branches, but I haven't > > tested on other branches. > > Thanks for letting me know, I've been relying on the KVM maintainers to > let us know what patches need to be applied for stable branches, but > that hasn't happened in a _long_ time. > > Can some KVM developer let me know if they have an objection to me > taking these patches? No objections. > Brad, thanks for letting us know about this, much appreciated. > > thanks, > > greg k-h -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html