21 lines
643 B
Plaintext
21 lines
643 B
Plaintext
$NetBSD: patch-CVE-2015-2151,v 1.1 2015/03/10 20:08:44 spz Exp $
|
|
|
|
xsa123.patch from upstream:
|
|
For ModRM encoded instructions with register operands we must not
|
|
overwrite ea.mem.seg (if a - bogus in that case - segment override was
|
|
present) as it aliases with ea.reg.
|
|
|
|
This is CVE-2015-2151 / XSA-123.
|
|
|
|
--- xen/arch/x86/x86_emulate/x86_emulate.c.orig 2015-01-12 16:53:24.000000000 +0000
|
|
+++ xen/arch/x86/x86_emulate/x86_emulate.c
|
|
@@ -1756,7 +1756,7 @@ x86_emulate(
|
|
}
|
|
}
|
|
|
|
- if ( override_seg != -1 )
|
|
+ if ( override_seg != -1 && ea.type == OP_MEM )
|
|
ea.mem.seg = override_seg;
|
|
|
|
/* Early operand adjustments. */
|