Date: Wed, 11 Jan 2012 17:09:25 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request -- kernel: kvm: syscall instruction induced guest panic On 01/11/2012 01:19 PM, Petr Matousek wrote: > "32bit guests will crash (and 64bit guests may behave in a > wrong way) for example by simply executing following > nasm-demo-application: > > [bits 32] > global _start > SECTION .text > _start: syscall > > The reason seems a missing "invalid opcode"-trap (int6) for the > syscall opcode "0f05", which is not available on Intel CPUs > within non-longmodes, as also on some AMD CPUs within legacy-mode. > (depending on CPU vendor, MSR_EFER and cpuid) > > Because previous mentioned OSs may not engage corresponding > syscall target-registers (STAR, LSTAR, CSTAR), they remain > NULL and (non trapping) syscalls are leading to multiple > faults and finally crashs." > > References: > https://bugzilla.redhat.com/show_bug.cgi?id=773370 > https://lkml.org/lkml/2011/12/28/170 > http://www.spinics.net/lists/kvm/msg66633.html > > Proposed patch: > http://www.spinics.net/lists/kvm/msg66633.html > > Credits: > Stephan Bärwolf > > Introduced by: > e66bb2ccdcf76d032bbb464b35c292bb3ee58f9b in linux-2.6.32 > > Thanks, Please use CVE-2012-0045 for this issue. -- -- Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ