Date: Fri, 2 Dec 2016 13:01:32 -0500
From: <cve-assign@...re.org>
To: <ppandit@...hat.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: CVE request: Kernel: kvm: out of bounds memory access via vcpu_id

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support
> is vulnerable to an out-of-bounds memory access issue. It could occur on x86
> platform, while servicing I/O APIC requests with larger vcpu_id.
> 
> A guest user/process could use this flaw to crash the host kernel resulting in
> DoS or it could potentially be used to escalate privileges on a host.
> 
> https://git.kernel.org/linus/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755
> https://bugzilla.redhat.com/show_bug.cgi?id=1400804

>> KVM: x86: fix out-of-bounds accesses of rtc_eoi map
>> KVM was using arrays of size KVM_MAX_VCPUS with vcpu_id, but ID can be bigger
>> than the maximal number of VCPUs, resulting in out-of-bounds access.

Use CVE-2016-9777.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----
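
The count-versus-ID mismatch quoted above, as an added example that is not part of the original message and is not kernel code: per-vCPU state is sized by the ID space and every index is checked against it. The struct, function names and both limits are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>

/* Constructed limits for illustration; not the kernel's real values. */
#define MAX_VCPUS   8u   /* how many vCPUs a VM may have */
#define MAX_VCPU_ID 32u  /* IDs are sparse: valid IDs are 0 .. MAX_VCPU_ID - 1 */

#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)
#define WORDS(n)  (((n) + WORD_BITS - 1) / WORD_BITS)

/* Hypothetical per-VM tracking state, sized by the ID space, not the count. */
struct eoi_state {
    unsigned long pending[WORDS(MAX_VCPU_ID)]; /* one bit per possible ID */
    unsigned char vector[MAX_VCPU_ID];         /* one slot per possible ID */
};

/* The mismatch from the report: would this ID overrun count-sized storage? */
bool overruns_count_sized(unsigned int vcpu_id)
{
    return vcpu_id >= MAX_VCPUS;
}

/* Record a pending EOI; reject IDs outside the ID space instead of indexing. */
int eoi_mark(struct eoi_state *s, unsigned int vcpu_id, unsigned char vec)
{
    if (vcpu_id >= MAX_VCPU_ID)
        return -1;
    s->pending[vcpu_id / WORD_BITS] |= 1UL << (vcpu_id % WORD_BITS);
    s->vector[vcpu_id] = vec;
    return 0;
}

bool eoi_is_pending(const struct eoi_state *s, unsigned int vcpu_id)
{
    if (vcpu_id >= MAX_VCPU_ID)
        return false;
    return (s->pending[vcpu_id / WORD_BITS] >> (vcpu_id % WORD_BITS)) & 1UL;
}

int main(void)
{
    struct eoi_state s = {0};
    /* ID 20 is legal even though only MAX_VCPUS (8) vCPUs may exist. */
    eoi_mark(&s, 20, 0x28);
    return eoi_is_pending(&s, 20) ? 0 : 1;
}
```

A bitmap declared for `MAX_VCPUS` bits still occupies a whole machine word, so a count-sized bitmap can absorb some oversized IDs silently while a count-sized byte array overruns on the first one; the explicit range check treats both the same way.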
