2 matches found
Off-by-one error in FLASK_AVC_CACHESTAT hypercall
ISSUE DESCRIPTION The FLASK_AVC_CACHESTAT hypercall, which provides access to per-cpu statistics on the Flask security policy, incorrectly validates the CPU for which statistics are being requested. IMPACT An attacker can cause the hypervisor to read past the end of an array. This may result in...
integer overflow in several XSM/Flask hypercalls
ISSUE DESCRIPTION The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an...