Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 11 Jan 2012 21:19:43 +0100
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request -- kernel: kvm: syscall instruction induced guest panic

"32bit guests will crash (and 64bit guests may behave in a
wrong way) for example by simply executing following
nasm-demo-application:

    [bits 32]
    global _start
    SECTION .text
    _start: syscall

The reason seems a missing "invalid opcode"-trap (int6) for the
syscall opcode "0f05", which is not available on Intel CPUs
within non-longmodes, as also on some AMD CPUs within legacy-mode.
(depending on CPU vendor, MSR_EFER and cpuid)

Because previous mentioned OSs may not engage corresponding
syscall target-registers (STAR, LSTAR, CSTAR), they remain
NULL and (non trapping) syscalls are leading to multiple
faults and finally crashs."

References:
https://bugzilla.redhat.com/show_bug.cgi?id=773370
https://lkml.org/lkml/2011/12/28/170
http://www.spinics.net/lists/kvm/msg66633.html

Proposed patch:
http://www.spinics.net/lists/kvm/msg66633.html

Credits:
Stephan Bärwolf

Introduced by:
e66bb2ccdcf76d032bbb464b35c292bb3ee58f9b in linux-2.6.32

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ