oss-sec mailing list archives
Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0
From: Eugene Teo <eugene () redhat com>
Date: Tue, 22 Sep 2009 20:09:12 +0800
Steven M. Christey wrote:
Eugene, you said "access" kernel memory - do you mean read, write, or both?
I meant both. Thanks. Eugene
- Steve

======================================================
Name: CVE-2009-3290
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3290
Reference: MLIST:[oss-security] 20090918 CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0
Reference: URL:http://www.openwall.com/lists/oss-security/2009/09/18/1
Reference: MLIST:[oss-security] 20090921 Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0
Reference: URL:http://www.openwall.com/lists/oss-security/2009/09/21/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=07708c4af1346ab1521b26a202f438366b7bcffd
Reference: CONFIRM:http://patchwork.kernel.org/patch/38926/
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=524124

The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read guest kernel memory via unspecified "random addresses."
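The check named in the thread subject (refuse hypercalls from guest callers in rings > 0), as an added example that is not part of the original message and not the kernel's code: a simplified user-space model of a hypercall dispatcher with and without a privilege-level gate. The struct, the function names and the `check_cpl` switch are hypothetical; the constants are modelled on Linux's `kvm_para.h`, and their values and the `-KVM_EPERM` return are assumptions of this model.

```c
#include <stdio.h>

/* Constants modelled on Linux's kvm_para.h; treat the values as assumptions. */
#define KVM_HC_VAPIC_POLL_IRQ 1
#define KVM_HC_MMU_OP         2
#define KVM_ENOSYS            1000
#define KVM_EPERM             1

/* Hypothetical stand-in for the vCPU state the real handler consults. */
struct model_vcpu {
    int cpl;          /* privilege level of the guest caller (0..3) */
    int mmu_ops_run;  /* counts MMU operations that reached the handler */
};

/* Stand-in for the MMU hypercall body: only records that it was reached. */
static long model_mmu_op(struct model_vcpu *v)
{
    v->mmu_ops_run++;
    return 0;
}

/* Dispatch a hypercall; check_cpl = 0 models the behaviour without the gate. */
long model_hypercall(struct model_vcpu *v, unsigned long nr, int check_cpl)
{
    /* The gate: refuse every hypercall unless the caller is in ring 0. */
    if (check_cpl && v->cpl != 0)
        return -KVM_EPERM;

    switch (nr) {
    case KVM_HC_VAPIC_POLL_IRQ:
        return 0;
    case KVM_HC_MMU_OP:
        return model_mmu_op(v);
    default:
        return -KVM_ENOSYS;
    }
}

int main(void)
{
    struct model_vcpu user = { .cpl = 3 }, kern = { .cpl = 0 };

    printf("ring 3, no gate: %ld\n", model_hypercall(&user, KVM_HC_MMU_OP, 0));
    printf("ring 3, gated:   %ld\n", model_hypercall(&user, KVM_HC_MMU_OP, 1));
    printf("ring 0, gated:   %ld\n", model_hypercall(&kern, KVM_HC_MMU_OP, 1));
    return 0;
}
```

Because the gate sits ahead of the `switch`, it covers every hypercall number, including any added later, rather than only the MMU operation.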