oss-sec mailing list archives
CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0
From: Eugene Teo <eugeneteo () kernel sg>
Date: Fri, 18 Sep 2009 08:48:50 +0800
"So far unprivileged guest callers running in ring 3 can issue, e.g., MMU hypercalls. Normally, such callers cannot provide any hand-crafted MMU command structure as it has to be passed by its physical address, but they can still crash the guest kernel by passing random addresses.
To close the hole, this patch considers hypercalls valid only if issued from guest ring 0. This may still be relaxed on a per-hypercall base in the future once required."
This was introduced in v2.6.25-rc1, and fixed in 2.6.31. cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C Upstream commit: http://git.kernel.org/linus/07708c4af1346ab1521b26a202f438366b7bcffd References: http://patchwork.kernel.org/patch/38926/ https://bugzilla.redhat.com/show_bug.cgi?id=524124 Thanks, Eugene
Current thread:
- CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Eugene Teo (Sep 17)
- Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Eugene Teo (Sep 20)
- Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Steven M. Christey (Sep 22)
- Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Eugene Teo (Sep 20)