Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 11 Jan 2012 17:09:25 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request -- kernel: kvm: syscall instruction
 induced guest panic

On 01/11/2012 01:19 PM, Petr Matousek wrote:
> "32bit guests will crash (and 64bit guests may behave in a
> wrong way) for example by simply executing following
> nasm-demo-application:
>
>     [bits 32]
>     global _start
>     SECTION .text
>     _start: syscall
>
> The reason seems a missing "invalid opcode"-trap (int6) for the
> syscall opcode "0f05", which is not available on Intel CPUs
> within non-longmodes, as also on some AMD CPUs within legacy-mode.
> (depending on CPU vendor, MSR_EFER and cpuid)
>
> Because previous mentioned OSs may not engage corresponding
> syscall target-registers (STAR, LSTAR, CSTAR), they remain
> NULL and (non trapping) syscalls are leading to multiple
> faults and finally crashs."
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=773370
> https://lkml.org/lkml/2011/12/28/170
> http://www.spinics.net/lists/kvm/msg66633.html
>
> Proposed patch:
> http://www.spinics.net/lists/kvm/msg66633.html
>
> Credits:
> Stephan Bärwolf
>
> Introduced by:
> e66bb2ccdcf76d032bbb464b35c292bb3ee58f9b in linux-2.6.32
>
> Thanks,
Please use CVE-2012-0045 for this issue.

-- 

-- Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.