Date: Thu, 12 Dec 2013 21:49:17 +0100
From: Petr Matousek <pmatouse@...hat.com>
To: linux-distros@...openwall.org
Cc: ahonig@...gle.com, gleb@...hat.com, pbonzini@...hat.com,
        digitaleric@...gle.com, larsbull@...gle.com,
        oss-security@...ts.openwall.com
Subject: Re: [vs-plain] kvm issues

These bugs are public now.

@Gleb/@...lo -- can you please commit the patches upstream?

Thanks,
Petr

On Wed, Nov 27, 2013 at 06:32:32PM +0100, Petr Matousek wrote:

> Hello, vendors.
> 
> We've been informed about four issues affecting kvm:
> 
> CVE-2013-4587 kernel: kvm: rtc_status.dest_map out-of-bounds access
> CVE-2013-6367 kernel: kvm: division by zero in apic_get_tmcct()
> CVE-2013-6368 kernel: kvm: cross page vapic_addr access
> CVE-2013-6376 kernel: kvm: BUG_ON() in apic_cluster_id()
> 
> Please see attachment for kvm upstream acked patches and descriptions.
> 
> First three issues were found by Andrew Honig <ahonig@...gle.com> and
> the last one by Lars Bull <larsbull@...gle.com>
> 
> All four issues are embargoed until 2013-12-12 12:12 UTC.
> 
> Regards,
> -- 
> Petr Matousek / Red Hat Security Response Team
> PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA

[ CONTENT OF TYPE application/x-gzip SKIPPED ]
