Commit a430c9166312e1aa3d80bce32374233bdbfeba32
1 parent
08da44aedb
Exists in
ti-lsk-linux-4.1.y
and in
10 other branches
KVM: emulate: avoid accessing NULL ctxt->memopp
A failure to decode the instruction can cause a NULL pointer access. This is fixed simply by moving the "done" label as close as possible to the return. This fixes CVE-2014-8481. Reported-by: Andy Lutomirski <luto@amacapital.net> Cc: stable@vger.kernel.org Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff
arch/x86/kvm/emulate.c
... | ... | @@ -4580,10 +4580,10 @@ |
4580 | 4580 | /* Decode and fetch the destination operand: register or memory. */ |
4581 | 4581 | rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask); |
4582 | 4582 | |
4583 | -done: | |
4584 | 4583 | if (ctxt->rip_relative) |
4585 | 4584 | ctxt->memopp->addr.mem.ea += ctxt->_eip; |
4586 | 4585 | |
4586 | +done: | |
4587 | 4587 | return (rc != X86EMUL_CONTINUE) ? EMULATION_FAILED : EMULATION_OK; |
4588 | 4588 | } |
4589 | 4589 |