Re: [PATCH] KVM: x86: fix out-of-bounds accesses of rtc_eoi map

2016-11-24 Thread David Hildenbrand
On 23.11.2016 at 21:15, Radim Krčmář wrote: KVM was using arrays of size KVM_MAX_VCPUS with vcpu_id, but ID can be bigger than the maximal number of VCPUs, resulting in out-of-bounds access. Found by syzkaller: BUG: KASAN: slab-out-of-bounds in __apic_accept_irq+0xb33/0xb50 at addr [...] W

Re: [PATCH] KVM: x86: fix out-of-bounds accesses of rtc_eoi map

2016-11-23 Thread P J P
+-- On Wed, 23 Nov 2016, Paolo Bonzini wrote --+ | On 23/11/2016 21:15, Radim Krčmář wrote: | > KVM was using arrays of size KVM_MAX_VCPUS with vcpu_id, but ID can be | > bigger than the maximal number of VCPUs, resulting in out-of-bounds | > access. | > | > Found by syzkaller: | > | > BUG: KAS

Re: [PATCH] KVM: x86: fix out-of-bounds accesses of rtc_eoi map

2016-11-23 Thread Paolo Bonzini
On 23/11/2016 21:15, Radim Krčmář wrote: > KVM was using arrays of size KVM_MAX_VCPUS with vcpu_id, but ID can be > bigger than the maximal number of VCPUs, resulting in out-of-bounds > access. > > Found by syzkaller: > > BUG: KASAN: slab-out-of-bounds in __apic_accept_irq+0xb33/0xb50 at addr

[PATCH] KVM: x86: fix out-of-bounds accesses of rtc_eoi map

2016-11-23 Thread Radim Krčmář
KVM was using arrays of size KVM_MAX_VCPUS with vcpu_id, but ID can be bigger than the maximal number of VCPUs, resulting in out-of-bounds access. Found by syzkaller: BUG: KASAN: slab-out-of-bounds in __apic_accept_irq+0xb33/0xb50 at addr [...] Write of size 1 by task a.out/27101 CPU: 1 PID