
[Qemu-devel] [5921] target-i386: fix CVE-2007-1322


From: Aurelien Jarno
Subject: [Qemu-devel] [5921] target-i386: fix CVE-2007-1322
Date: Sun, 07 Dec 2008 18:15:37 +0000

Revision: 5921
          http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=5921
Author:   aurel32
Date:     2008-12-07 18:15:36 +0000 (Sun, 07 Dec 2008)

Log Message:
-----------
target-i386: fix CVE-2007-1322

The icebp instruction can be abused to terminate the emulation,
resulting in denial of service.

Signed-off-by: Aurelien Jarno <address@hidden>

Modified Paths:
--------------
    trunk/target-i386/translate.c

Modified: trunk/target-i386/translate.c
===================================================================
--- trunk/target-i386/translate.c       2008-12-07 18:15:23 UTC (rev 5920)
+++ trunk/target-i386/translate.c       2008-12-07 18:15:36 UTC (rev 5921)
@@ -6564,6 +6564,7 @@
         gen_jmp_im(pc_start - s->cs_base);
         gen_helper_into(tcg_const_i32(s->pc - pc_start));
         break;
+#ifdef WANT_ICEBP
     case 0xf1: /* icebp (undocumented, exits to external debugger) */
         gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP);
 #if 1
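Review bot: nothing in this hunk (or the patch as a whole) defines WANT_ICEBP, so in a default build the whole `case 0xf1:` block is compiled out and opcode 0xf1 falls to whatever the surrounding switch does for an unhandled opcode; the `#ifdef WANT_ICEBP` line should carry a comment stating that it is intentionally left undefined and why (the guest-triggerable emulator exit named in the log message), and the reviewer should confirm that the remaining default path reports the opcode as illegal to the guest rather than leaving it silently unhandled. The hunk also nests a new `#ifdef` around the existing `#if 1` conditional inside the same case; a note on the new line (e.g. `#ifdef WANT_ICEBP /* never defined: icebp exits the emulator */`) would keep the two conditionals from being confused.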
@@ -6574,6 +6575,7 @@
         cpu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
 #endif
         break;
+#endif
     case 0xfa: /* cli */
         if (!s->vm86) {
             if (s->cpl <= s->iopl) {
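Review bot: the bare `#endif` added here closes the `#ifdef WANT_ICEBP` opened in the previous hunk, but an inner `#if 1` / `#endif` pair sits between them, so a reader looking only at this region cannot tell which conditional is being closed; suggest `#endif /* WANT_ICEBP */` so the pairing is visible next to the `case 0xfa: /* cli */` that follows. Also worth stating in the log message that the fix works by disabling the instruction entirely rather than by correcting its behaviour, since that is a user-visible change for anyone who relied on the undocumented icebp handling.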
