From: Avi Kivity <avi@redhat.com>
Date: Sun, 4 Oct 2009 14:45:13 +0000 (+0200)
Subject: KVM: Prevent overflow in KVM_GET_SUPPORTED_CPUID (CVE-2009-3638)
X-Git-Tag: v2.6.27.39~12
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=997138858db742022a87db305136f7e44d50c3b1;p=pandora-kernel.git

KVM: Prevent overflow in KVM_GET_SUPPORTED_CPUID (CVE-2009-3638)

commit 6a54435560efdab1a08f429a954df4d6c740bddf upstream.

The number of entries is multiplied by the entry size, which can
overflow on 32-bit hosts.  Bound the entry count instead.

Reported-by: David Wagner <daw@cs.berkeley.edu>
Signed-off-by: Avi Kivity <avi@redhat.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

Reading git-diff-tree failed