| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Oct 2022 19:50:06 +0200
From: "Rafael J. Wysocki" <rjw@...ysocki.net>
To: Linux ACPI <linux-acpi@...r.kernel.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
Bob Moore <robert.moore@...el.com>
Subject: [PATCH 03/11] ACPICA: Check that EBDA pointer is in valid memory
From: Vit Kabele <vit@...ele.me>
ACPICA commit cc9e7763ceb2e2649fe3422130416d84a3c6854a
If the memory at 0x40e is uninitialized, the retrieved physical_memory
address of EBDA may be beyond the low memory (i.e. above 640K).
If so, the kernel may unintentionally access the VGA memory, that
might not be decoded or even present in case of virtualization.
Link: https://github.com/acpica/acpica/commit/cc9e7763
Signed-off-by: Vit Kabele <vit@...ele.me>
Signed-off-by: Bob Moore <robert.moore@...el.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@...el.com>
---
drivers/acpi/acpica/tbxfroot.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Index: linux-pm/drivers/acpi/acpica/tbxfroot.c
===================================================================
--- linux-pm.orig/drivers/acpi/acpica/tbxfroot.c
+++ linux-pm/drivers/acpi/acpica/tbxfroot.c
@@ -139,7 +139,11 @@ acpi_find_root_pointer(acpi_physical_add
/* EBDA present? */
- if (physical_address > 0x400) {
+ /*
+ * Check that the EBDA pointer from memory is sane and does not point
+ * above valid low memory
+ */
+ if (physical_address > 0x400 && physical_address < 0xA0000) {
/*
* 1b) Search EBDA paragraphs (EBDA is required to be a
* minimum of 1K length)
Powered by blists - more mailing lists