Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Dec 2013 21:49:17 +0100
From: Petr Matousek <>
Subject: Re: [vs-plain] kvm issues

These bugs are public now.

@Gleb/@...lo -- can you please commit the patches upstream?


On Wed, Nov 27, 2013 at 06:32:32PM +0100, Petr Matousek wrote:

> Hello, vendors.
> We've been informed about four issues affecting kvm:
> CVE-2013-4587 kernel: kvm: rtc_status.dest_map out-of-bounds access
> CVE-2013-6367 kernel: kvm: division by zero in apic_get_tmcct()
> CVE-2013-6368 kernel: kvm: cross page vapic_addr access
> CVE-2013-6376 kernel: kvm: BUG_ON() in apic_cluster_id()
> Please see attachment for kvm upstream acked patches and descriptions.
> First three issues were found by Andrew Honig <> and
> the last one by Lars Bull <>
> All four issues are embargoed until 2013-12-12 12:12 UTC.
> Regards,
> -- 
> Petr Matousek / Red Hat Security Response Team
> PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA

Download attachment "kvm-issues.tgz" of type "application/x-gzip" (3912 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ