Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()vgic_v2_parse_attr() is responsible for finding the vCPU that matchesthe user-provided CPUID, which (of course) may not be valid. If the IDis invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handledgracefully.Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()actually returns something and fail the ioctl if not.
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds