Re: some vulns

2020-02-25 Thread Pratik Vyas
* Maxime Villard [2020-02-22 12:16:35 +0100]: CVSROOT:/cvs Module name:src Changes by: morti...@cvs.openbsd.org2020/02/15 15:59:55 Modified files: sys/arch/amd64/amd64: vmm.c Log message: Add bounds check on addresses passed from guests in pvclock. Fixes an is

Re: some vulns

2020-02-22 Thread Maxime Villard
CVSROOT:/cvs Module name:src Changes by: morti...@cvs.openbsd.org2020/02/15 15:59:55 Modified files: sys/arch/amd64/amd64: vmm.c Log message: Add bounds check on addresses passed from guests in pvclock. Fixes an issue where a guest can write to host memory by pas

some vulns

2020-02-15 Thread Maxime Villard
In vmm_update_pvclock(): 6868pvclock_gpa = vcpu->vc_pvclock_system_gpa & 0xFFF0; <-- controlled by the guest 6869if (!pmap_extract(vm->vm_map->pmap, pvclock_gpa, &pvclock_hpa)) 6870return (EINVAL); 6871pvclock_ti = (void*) PMAP_DIRECT_MAP(pvclock_hpa); 6872 6