KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
authorPaolo Bonzini <pbonzini@redhat.com>
Wed, 4 Dec 2019 09:28:54 +0000 (10:28 +0100)
committerPaolo Bonzini <pbonzini@redhat.com>
Wed, 4 Dec 2019 11:14:41 +0000 (12:14 +0100)
commit433f4ba1904100da65a311033f17a9bf586b287e
treeaa0ec5e38b98fe7835f354af7af331ec96b55876
parent3525d0ccd92c760d22b8ee26f484fb7e9941c99c
KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)

The bounds check was present in KVM_GET_SUPPORTED_CPUID but not
KVM_GET_EMULATED_CPUID.

Reported-by: syzbot+e3f4897236c4eeb8af4f@syzkaller.appspotmail.com
Fixes: 84cffe499b94 ("kvm: Emulate MOVBE", 2013-10-29)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/cpuid.c