Patch "kvm: x86: Check memopp before dereference (CVE-2016-8630)" has been added to the 4.4-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Wed, 09 Nov 2016 11:26:38 +0100

This is a note to let you know that I've just added the patch titled

    kvm: x86: Check memopp before dereference (CVE-2016-8630)

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-x86-check-memopp-before-dereference-cve-2016-8630.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From d9092f52d7e61dd1557f2db2400ddb430e85937e Mon Sep 17 00:00:00 2001
From: Owen Hofmann <osh@xxxxxxxxxx>
Date: Thu, 27 Oct 2016 11:25:52 -0700
Subject: kvm: x86: Check memopp before dereference (CVE-2016-8630)

From: Owen Hofmann <osh@xxxxxxxxxx>

commit d9092f52d7e61dd1557f2db2400ddb430e85937e upstream.

Commit 41061cdb98 ("KVM: emulate: do not initialize memopp") removes a
check for non-NULL under incorrect assumptions. An undefined instruction
with a ModR/M byte with Mod=0 and R/M-5 (e.g. 0xc7 0x15) will attempt
to dereference a null pointer here.

Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5
Message-Id: <1477592752-126650-2-git-send-email-osh@xxxxxxxxxx>
Signed-off-by: Owen Hofmann <osh@xxxxxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 arch/x86/kvm/emulate.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -5033,7 +5033,7 @@ done_prefixes:
 	/* Decode and fetch the destination operand: register or memory. */
 	rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask);
 
-	if (ctxt->rip_relative)
+	if (ctxt->rip_relative && likely(ctxt->memopp))
 		ctxt->memopp->addr.mem.ea = address_mask(ctxt,
 					ctxt->memopp->addr.mem.ea + ctxt->_eip);
 


Patches currently in stable-queue which might be from osh@xxxxxxxxxx are

queue-4.4/kvm-x86-check-memopp-before-dereference-cve-2016-8630.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






