Project

General

Profile

Actions

Bug #15003

open

Corrupt AMD microcode equivalence-table not properly handled

Added by Andy Fiddaman 5 days ago. Updated 4 days ago.

Status:
In Progress
Priority:
Normal
Assignee:
Category:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:
External Bug:

Description

There are two bugs in the handling of the AMD CPU microcode equivalence-table where the kernel assumes that is properly formed. Specifically that its size is a multiple of sizeof (ucode_eqtbl_amd_t), and that ends with 16 zero bytes. If either of these are not true, the kernel can read off the end of the memory it allocated to hold the table.

Actions #1

Updated by Andy Fiddaman 5 days ago

  • Subject changed from Corrupt AMD microcode equivalence-table file not properly handled to Corrupt AMD microcode equivalence-table not properly handled
Actions #2

Updated by Electric Monk 4 days ago

  • Gerrit CR set to 2389
Actions

Also available in: Atom PDF