On Mon, Apr 15, 2013 at 03:12:24AM +0100, Ben Hutchings wrote:
> Brad Spengler pointed out that some KVM security fixes are missing from
> the 3.2 branches. Three recent commits were marked as such:
>
> c300aa64ddf5 KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796)
> 0b79459b482e KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797)
> a2c118bfab8b KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798)
>
> The first and third of these can be cherry-picked cleanly onto 3.2.y,
> while the second required backporting; I've attached my backported
> version of that. The result passed the kvmclock unit tests, but the
> apic unit tests failed on my test system (running Debian unstable):
>
> qemu: hardware error: isa irq 16 invalid
>
> However this is not a regression and is presumably a bug in QEMU, not
> the kernel code.
>
> All these changes are already present in Debian's 3.2-based kernel
> package and I don't think we've had any reports of regressions.
>
> These fixes are also needed for all other 3.x.y branches, but I haven't
> tested on other branches.
>
> Ben.

Looks like we also need commit 8f964525a121f2ff2df948dac908dcc65be21b5b, as
it went into Linus's tree with the merge request "fixes the problem
created with c300aa64ddf5".

thanks,

greg k-h