oss-sec mailing list archives

Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow


From: bo Zhang <zhangbo5891001 () gmail com>
Date: Wed, 9 Oct 2019 10:56:15 +0800

Hi, Tina
This vulnerability is a kernel vulnerability, and a different version of QEMU should not
affect the reproduction. Try the following steps:

1. The guest kernel patch is for this version:
Ubuntu-hwe-4.15.0-50.54_16.04.1 (
https://kernel.ubuntu.com/git/ubuntu/ubuntu-xenial.git/tree/drivers/virtio/virtio_ring.c?h=Ubuntu-hwe-4.15.0-50.54_16.04.1);
if you use a different kernel version, the patch may need to be modified
slightly.
The patch makes the guest kernel create an invalid descriptor table, and the
echo command just triggers the bug through a kernel variable.

2. Ubuntu has released the patched kernel; the host kernel you use should
not be patched (< 5.2.x) in order to reproduce the vulnerability.

Thanks!
cradmin of Tencent Blade Team
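The reply above describes the reproduction only at the level of "an invalid descriptor table on the guest side, an unpatched vhost on the host side". The C below is an added example, not code from this thread, from Tencent Blade Team or from the Linux kernel: it is a simplified model of the descriptor walk in vhost's vhost_get_vq_desc(), written to show why a malformed chain matters. In vhost, in_num grows by the number of iovs a device-writable descriptor translates into, while the dirty-log counter log_num grows by one per device-writable descriptor whenever live-migration logging is enabled; both the iov array and the log array are sized to UIO_MAXIOV entries. A zero-length descriptor translates into zero iovs, so a long chain of them leaves in_num at 0 while log_num keeps climbing past the log array. The upstream fix ("vhost: make sure log_num < in_num", Linux 5.3) changed the logging condition from `if (log)` to `if (log && ret)`. The ring size, chain length, addresses and the IOV_LIMIT constant here are assumptions chosen for the demonstration; the walk below counts would-be overruns instead of writing out of bounds.

```c
/* Simplified model of the vhost descriptor walk behind CVE-2019-14835.
 * Added example, not kernel code: it mirrors the accounting of
 * vhost_get_vq_desc() (in_num += iovs produced by a writable descriptor,
 * log_num += 1 per writable descriptor while logging is on) and shows how
 * a zero-length descriptor breaks the assumption log_num <= in_num. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define VRING_DESC_F_NEXT  1
#define VRING_DESC_F_WRITE 2
#define IOV_LIMIT 1024   /* models UIO_MAXIOV, the size of both iov[] and log[] */

struct vring_desc { uint64_t addr; uint32_t len; uint16_t flags; uint16_t next; };
struct vhost_log  { uint64_t addr; uint64_t len; };

struct walk_result {
    int err;          /* nonzero if the chain was rejected */
    int in_num;       /* iovs produced by device-writable descriptors */
    int log_num;      /* dirty-log entries the walk tried to record */
    int log_overrun;  /* entries that would have landed past log[IOV_LIMIT] */
};

/* Models translate_desc(): one iov per non-empty descriptor, none for len 0. */
static int translate_desc(uint32_t len, int iov_count)
{
    if (len == 0)
        return 0;
    if (iov_count >= IOV_LIMIT)
        return -1;
    return 1;
}

/* Walks the chain at head. fixed=0 reproduces the pre-5.3 condition
 * "if (log)", fixed=1 the patched "if (log && ret)". Overruns of the
 * bounded log[] are counted rather than performed. */
static struct walk_result walk_chain(const struct vring_desc *desc, unsigned num,
                                     uint16_t head, int logging, int fixed,
                                     struct vhost_log *log)
{
    struct walk_result r = {0};
    unsigned found = 0;
    int iov_count = 0;
    uint16_t i = head;

    for (;;) {
        if (i >= num || ++found > num) { r.err = -1; return r; } /* bad index or loop */
        const struct vring_desc *d = &desc[i];
        int ret = translate_desc(d->len, iov_count);
        if (ret < 0) { r.err = -1; return r; }
        iov_count += ret;
        if (d->flags & VRING_DESC_F_WRITE) {
            r.in_num += ret;
            if (logging && (!fixed || ret)) {
                if (r.log_num < IOV_LIMIT) {
                    log[r.log_num].addr = d->addr;
                    log[r.log_num].len = d->len;
                } else {
                    r.log_overrun++;
                }
                r.log_num++;
            }
        }
        if (!(d->flags & VRING_DESC_F_NEXT))
            return r;
        i = d->next;
    }
}

/* Constructed input: a chain of n device-writable descriptors of length len. */
static void build_chain(struct vring_desc *desc, unsigned n, uint32_t len)
{
    for (unsigned i = 0; i < n; i++) {
        desc[i].addr  = 0x10000 + (uint64_t)i * 4096;   /* assumed guest addresses */
        desc[i].len   = len;
        desc[i].flags = VRING_DESC_F_WRITE | (i + 1 < n ? VRING_DESC_F_NEXT : 0);
        desc[i].next  = (uint16_t)(i + 1);
    }
}

/* Runs one scenario with logging enabled on a ring of num entries. */
struct walk_result run_scenario(unsigned num, unsigned chain_len, uint32_t len, int fixed)
{
    struct walk_result r = {0};
    struct vhost_log log[IOV_LIMIT];
    struct vring_desc *desc = calloc(num, sizeof *desc);
    if (!desc || chain_len > num) { r.err = -1; free(desc); return r; }
    build_chain(desc, chain_len, len);
    r = walk_chain(desc, num, 0, 1, fixed, log);
    free(desc);
    return r;
}

int main(void)
{
    struct walk_result ok  = run_scenario(256, 2, 1500, 0);    /* two normal RX buffers */
    struct walk_result bad = run_scenario(4096, 4000, 0, 0);   /* zero-length chain, unpatched */
    struct walk_result fix = run_scenario(4096, 4000, 0, 1);   /* same chain, patched condition */
    printf("normal:     in_num=%d log_num=%d\n", ok.in_num, ok.log_num);
    printf("vulnerable: in_num=%d log_num=%d log_overrun=%d\n", bad.in_num, bad.log_num, bad.log_overrun);
    printf("fixed:      in_num=%d log_num=%d log_overrun=%d\n", fix.in_num, fix.log_num, fix.log_overrun);
    return 0;
}
```

The unpatched walk accepts the 4000-entry chain with in_num still 0 and tries to record 4000 log entries into a 1024-entry array; the patched condition records none, because a descriptor that produced no iov has nothing to log. The real vhost code writes those entries directly, which is the host-kernel memory corruption the advisory refers to.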
