
List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel: KVM: x86: Disallow hypercalls
From:       Eugene Teo <eugene () redhat ! com>
Date:       2009-09-22 12:09:12
Message-ID: 4AB8BE68.9070800 () redhat ! com

Steven M. Christey wrote:
> Eugene, you said "access" kernel memory - do you mean read, write, or
> both?

I meant both. Thanks.

Eugene

> - Steve
> 
> 
> ======================================================
> Name: CVE-2009-3290
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3290
> Reference: MLIST:[oss-security] 20090918 CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0
> Reference: URL:http://www.openwall.com/lists/oss-security/2009/09/18/1
> Reference: MLIST:[oss-security] 20090921 Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0
> Reference: URL:http://www.openwall.com/lists/oss-security/2009/09/21/1
> Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=07708c4af1346ab1521b26a202f438366b7bcffd
> Reference: CONFIRM:http://patchwork.kernel.org/patch/38926/
> Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=524124
> 
> The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the
> Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when
> running on x86 systems, does not prevent access to MMU hypercalls from
> ring 0, which allows local guest OS users to cause a denial of service
> (guest kernel crash) and read guest kernel memory via unspecified
> "random addresses."
> 
> 

