oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0

From: Eugene Teo <eugene () redhat com>
Date: Tue, 22 Sep 2009 20:09:12 +0800
Steven M. Christey wrote:

Eugene, you said "access" kernel memory - do you mean read, write, or
both?


I meant both. Thanks.

Eugene


- Steve


======================================================
Name: CVE-2009-3290
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3290
Reference: MLIST:[oss-security] 20090918 CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings 
> 0
Reference: URL:http://www.openwall.com/lists/oss-security/2009/09/18/1
Reference: MLIST:[oss-security] 20090921 Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings 
> 0
Reference: URL:http://www.openwall.com/lists/oss-security/2009/09/21/1
Reference: 
CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=07708c4af1346ab1521b26a202f438366b7bcffd
Reference: CONFIRM:http://patchwork.kernel.org/patch/38926/
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=524124

The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the
Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when
running on x86 systems, does not prevent access to MMU hypercalls from
ring 0, which allows local guest OS users to cause a denial of service
(guest kernel crash) and read guest kernel memory via unspecified
"random addresses."
Previous By Date Next
Previous By Thread Next

Current thread: