Michael Ellerman writes:
> The Linux kernel for powerpc since v3.10 has a bug which allows a malicious
> KVM guest to
> corrupt host memory.
>
> In the handling of the H_RTAS hypercall, args.rets is made to point into the
> args.args
> buffer which is located on the stack:
>
> args.rets =
The Linux kernel for powerpc since v3.10 has a bug which allows a malicious KVM
guest to
corrupt host memory.
In the handling of the H_RTAS hypercall, args.rets is made to point into the
args.args
buffer which is located on the stack:
args.rets = &args.args[be32_to_cpu(args.nargs)];
Ho
