oss-sec mailing list archives

Re: [vs-plain] kvm issues


From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 12 Dec 2013 21:49:17 +0100

These bugs are public now.

@Gleb/@Paolo -- can you please commit the patches upstream?

Thanks,
Petr

On Wed, Nov 27, 2013 at 06:32:32PM +0100, Petr Matousek wrote:

Hello, vendors.

We've been informed about four issues affecting kvm:

CVE-2013-4587 kernel: kvm: rtc_status.dest_map out-of-bounds access
CVE-2013-6367 kernel: kvm: division by zero in apic_get_tmcct()
CVE-2013-6368 kernel: kvm: cross page vapic_addr access
CVE-2013-6376 kernel: kvm: BUG_ON() in apic_cluster_id()

Please see attachment for kvm upstream acked patches and descriptions.

The first three issues were found by Andrew Honig <ahonig () google com> and
the last one by Lars Bull <larsbull () google com>.

All four issues are embargoed until 2013-12-12 12:12 UTC.

Regards,
-- 
Petr Matousek / Red Hat Security Response Team
PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA

Attachment: kvm-issues.tgz