oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences

From: P J P <ppandit () redhat com>
Date: Mon, 26 Aug 2013 18:20:39 +0530 (IST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  Hello,
Linux kernel built for the ARM(CONFIG_ARM) platform along with the Kernel based Virtual Machine support(CONFIG_KVM), is vulnerable to a NULL pointer dereference flaw. It occurs while performing an ioctl(KVM_GET_REG_LIST) call on the KVM device, without first properly initialising a vCPU.
An unprivileged user/program could use this flaw to crash the kernel resulting in DoS. 

Upstream fix:
- -------------
 -> https://git.kernel.org/linus/e8180dcaa8470ceca21109f143876fdcd9fe050a


Thank you.
- --
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJSG08fAAoJENBIeGA2VWArjdEP/j48jh4JXwQ6C8QgPfbR68T1
LmKy4msORq5GDTzmUezMG9bU5LcGLb3TwLEn3KT015t+ivf4uOMEhkwTcoeflNYG
Scjf060soX1s4wC/5X8iD85y7rUeMGiytCDqOqURlBRyR4gMwEYsP9+QYRQNWXhr
2ZT2puOedF06/sC5P9SfBEN33kRe7hgi3x1w9wEau0wBvkBKRDwekuhYYPtq0soE
zxW35xWHS03DdLSxGUrr1oB9No+ZduPlV4U6mmXJlITQhXUjyAF0tbOrwXtoYDIz
hRhAeiwBSyadSasrekdovFZa1UvRGHru6coUzoO6N0HDbqkooHuz4ZGikQ7Ahj19
E9OnabBIlQWRa+QxvWp2NwqoPuRP4jKGcMRQEB1VbGDJ/HV0dRLxvF2MtnYzp5uv
TlPUVDRTfwk5UIQUTj0j1zsBaCJU+orxDwbnxXJ9+T993CPYYzkfxaYhtd6q5KBx
XPlfcnddOYFfONxPbMt/n2WG81e/XKfU8E2qdiFD0rByxbodlCj0gelMtJ+OGpXK
lIumz9JFNXZngfziq4x2kNCX+UB+oootDTxLgrJYN2CSUGWtcAWvmG/XOEr5O36C
n8C6gkRjNMrGXEUYiv0kXO5+ayK02TeZE4l7r0XYlQIUFxXkqXpWBlVGSSq+G77g
N8e9KKF02cScY2Mi2KIJ
=4Xq6
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: