Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 10 Nov 2015 08:40:18 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite
 loop in microcode via #AC exception

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  Hello,

A guest to host DoS issue was found affecting various hypervisors. In that, a 
a guest can DoS the host by triggering an infinite stream of "alignment check" 
(#AC) exceptions. This causes the microcode to enter an infinite loop where 
the core never receives another interrupt. The host kernel panics due to this 
effect.

Reference:
- ----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1277557

This issue was found by Mr Ben Serebrin of Google Inc.

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWQWAaAAoJEN0TPTL+WwQfwr4P/AnwgaRFeF8etPfs/cWd1+rH
sXGNlIrEGTx4ZvYDhkLn80X9dYrNp3B7pi1ACKsT9l9TfiZqgX91HyKKPb0oZ8C/
iZ/v+xveNFRQB7SCuJVjUBF8QB4QSPNq79KwjR+ANS3oNbrKXLDncCq/8qNi+5L6
90hJxAJzCY+XUhEa5NLz3/EMOZKI+UF2mEqwq13Dg5RWPFDvnHOX2w5XgLIpLluM
Y642Y0FYbS5Q+/emFZL3gD5uBLV0gMU5pVH/hmWdiIsMlTOgROyA1oTQoNlvQFV4
jkxMwF0gU4/WcSrixrHZexMuoRSJzc5e3ymMN2h38tLDVoZltsWexdvSHCHKyT4j
2NRsS13BUWUjQ16DYoIaMuIZkAtUqr6NjH5DS8CD5P9Dqdw6fvu0ElDgTZwaI/jr
Y/NSh38473T55t85U4FmP/NvsgGymnX9Fve7jMMTzMesmxybGEywv0SfTwJWd4Q8
/nZKaK3VgVGNIJMQX827ON9rcKeAtP+ZfGQiuzC78Wht0TkjGH/OcQFtW+yHJmGG
Jdvi/xKNmfOL8gmAhT2At+7++oHxalYsjMwV490ddUu3Bjb7vA6ufxpyJ1zO4ZKm
vD2eSzrWdiYWKmPhQ8NLTJ786w72DocrAcG+FAPC7vDISRymPR0CUmPpT2Qv0pr7
txfgULge22JegmMIKQ0W
=vFu8
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ