|
Message-ID: <4B67BA38.3090108@kernel.sg> Date: Tue, 02 Feb 2010 13:38:00 +0800 From: Eugene Teo <eugeneteo@...nel.sg> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE request - kvm: cat /dev/port in the guest can cause host DoS The problem is pit_state->channels[] has 3 elements, and pit_ioport_read uses "addr" as index to pit_get_count, so inb(0x43) reads (and potentially writes) into other data of kvm_kpit_state. PIT control word (address 0x43) is write-only, reads are undefined. Triggering this can cause a general protection fault on the host. https://bugzilla.redhat.com/show_bug.cgi?id=560887 http://www.mail-archive.com/kvm@vger.kernel.org/msg28002.html Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.