Date: Mon, 21 Sep 2009 10:37:18 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Eugene Teo wrote: > "So far unprivileged guest callers running in ring 3 can issue, e.g., > MMU hypercalls. Normally, such callers cannot provide any hand-crafted > MMU command structure as it has to be passed by its physical address, > but they can still crash the guest kernel by passing random addresses. > > To close the hole, this patch considers hypercalls valid only if issued > from guest ring 0. This may still be relaxed on a per-hypercall base in > the future once required." So, besides the crash, users in the guest can access the guest kernel memory, so the impact is actually more serious than what was noted in the commit changelog. Take note. Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.