Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Dec 2013 21:49:17 +0100
From: Petr Matousek <pmatouse@...hat.com>
To: linux-distros@...openwall.org
Cc: ahonig@...gle.com, gleb@...hat.com, pbonzini@...hat.com,
        digitaleric@...gle.com, larsbull@...gle.com,
        oss-security@...ts.openwall.com
Subject: Re: [vs-plain] kvm issues

These bugs are public now.

@Gleb/@...lo -- can you please commit the patches upstream?

Thanks,
Petr

On Wed, Nov 27, 2013 at 06:32:32PM +0100, Petr Matousek wrote:

> Hello, vendors.
> 
> We've been informed about four issues affecting kvm:
> 
> CVE-2013-4587 kernel: kvm: rtc_status.dest_map out-of-bounds access
> CVE-2013-6367 kernel: kvm: division by zero in apic_get_tmcct()
> CVE-2013-6368 kernel: kvm: cross page vapic_addr access
> CVE-2013-6376 kernel: kvm: BUG_ON() in apic_cluster_id()
> 
> Please see attachment for kvm upstream acked patches and descriptions.
> 
> First three issues were found by Andrew Honig <ahonig@...gle.com> and
> the last one by Lars Bull <larsbull@...gle.com>
> 
> All four issues are embargoed until 2013-12-12 12:12 UTC.
> 
> Regards,
> -- 
> Petr Matousek / Red Hat Security Response Team
> PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA

Download attachment "kvm-issues.tgz" of type "application/x-gzip" (3912 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.