oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set

From: Petr Matousek <pmatouse () redhat com>
Date: Tue, 6 Nov 2012 19:30:40 +0100
A flaw has been found in the way Linux kernel's KVM subsystem handled
vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts
without the XSAVE feature and using qemu userspace an unprivileged
local user could use this flaw to crash the system.

Acknowledgements:

Red Hat would like to thank Jon Howell for reporting this issue.

Proposed upstream fix:
http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742

References:
https://bugzilla.redhat.com/show_bug.cgi?id=862900
http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: