Message-ID: <20120111201942.GP31851@dhcp-25-225.brq.redhat.com>
Date: Wed, 11 Jan 2012 21:19:43 +0100
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request -- kernel: kvm: syscall instruction induced guest panic
"32bit guests will crash (and 64bit guests may behave in a
wrong way), for example by simply executing the following
nasm demo application:
[bits 32]
global _start
SECTION .text
_start: syscall
The reason seems to be a missing "invalid opcode" trap (int6) for the
syscall opcode "0f05", which is not available on Intel CPUs
within non-longmodes, as well as on some AMD CPUs within legacy mode
(depending on CPU vendor, MSR_EFER and cpuid).
Because the previously mentioned OSs may not program the corresponding
syscall target registers (STAR, LSTAR, CSTAR), they remain
NULL, and (non-trapping) syscalls lead to multiple
faults and finally crashes."
References:
https://bugzilla.redhat.com/show_bug.cgi?id=773370
https://lkml.org/lkml/2011/12/28/170
http://www.spinics.net/lists/kvm/msg66633.html
Proposed patch:
http://www.spinics.net/lists/kvm/msg66633.html
Credits:
Stephan Bärwolf
Introduced by:
e66bb2ccdcf76d032bbb464b35c292bb3ee58f9b in linux-2.6.32
Thanks,
--
Petr Matousek / Red Hat Security Response Team
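The vendor-and-mode rule the report describes, written out as an added C model. This is not the kernel's emulator code and is not part of the original message: it encodes when SYSCALL is architecturally valid (never in real or vm86 mode, never with EFER.SCE clear, always in 64-bit mode, and outside 64-bit mode only on AMD), then contrasts a gated emulation with an ungated one that reads the zeroed STAR/LSTAR/CSTAR and so transfers control to 0, which is the failure the report attributes to the missing #UD. The `classify_syscall` helper, the vendor strings used for matching, and treating an unknown vendor like Intel are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Guest operating mode at the moment the emulator sees opcode 0f05. */
enum cpu_mode { MODE_REAL, MODE_VM86, MODE_PROT32, MODE_COMPAT, MODE_LONG64 };

#define EFER_SCE 0x1ull  /* IA32_EFER.SCE: SYSCALL/SYSRET enable */

/* Minimal vCPU state relevant to SYSCALL (constructed for this example). */
struct vcpu_state {
    enum cpu_mode mode;
    uint64_t efer;
    char vendor[13];      /* CPUID(0) vendor string, 12 bytes + NUL */
    uint64_t star;        /* legacy-mode target EIP lives in STAR[31:0] */
    uint64_t lstar;       /* 64-bit-mode target RIP */
    uint64_t cstar;       /* compatibility-mode target RIP */
};

/*
 * Architectural rule for whether SYSCALL executes or raises #UD:
 *  - never valid in real or virtual-8086 mode;
 *  - never valid with EFER.SCE clear;
 *  - always valid in 64-bit mode once SCE is set;
 *  - outside 64-bit mode (legacy protected, compatibility) AMD executes it,
 *    Intel raises #UD. Any other vendor is treated like Intel here (assumption).
 */
bool syscall_is_valid(const struct vcpu_state *s)
{
    if (s->mode == MODE_REAL || s->mode == MODE_VM86)
        return false;
    if (!(s->efer & EFER_SCE))
        return false;
    if (s->mode == MODE_LONG64)
        return true;
    return strcmp(s->vendor, "AuthenticAMD") == 0;
}

/* Where a SYSCALL that is allowed to execute transfers control. */
uint64_t syscall_target(const struct vcpu_state *s)
{
    switch (s->mode) {
    case MODE_LONG64: return s->lstar;
    case MODE_COMPAT: return s->cstar;
    default:          return s->star & 0xffffffffull;
    }
}

enum outcome { OUT_UD, OUT_SYSCALL, OUT_NULL_JUMP };

/* Gated emulation: decide #UD before the target MSRs are consulted at all. */
enum outcome emulate_syscall(const struct vcpu_state *s)
{
    if (!syscall_is_valid(s))
        return OUT_UD;
    return syscall_target(s) ? OUT_SYSCALL : OUT_NULL_JUMP;
}

/* Model of the reported defect: no #UD gate, so unprogrammed MSRs are used. */
enum outcome emulate_syscall_ungated(const struct vcpu_state *s)
{
    return syscall_target(s) ? OUT_SYSCALL : OUT_NULL_JUMP;
}

/* Hypothetical helper that builds a state and runs one of the two models. */
enum outcome classify_syscall(enum cpu_mode mode, uint64_t efer, const char *vendor,
                              uint64_t star, uint64_t lstar, uint64_t cstar, bool gated)
{
    struct vcpu_state s = { .mode = mode, .efer = efer,
                            .star = star, .lstar = lstar, .cstar = cstar };
    snprintf(s.vendor, sizeof s.vendor, "%s", vendor);
    return gated ? emulate_syscall(&s) : emulate_syscall_ungated(&s);
}

int main(void)
{
    static const char *names[] = { "#UD", "SYSCALL", "jump to 0" };
    /* The report's scenario: 32-bit guest, Intel vendor, MSRs never written. */
    enum outcome gated   = classify_syscall(MODE_PROT32, 0, "GenuineIntel", 0, 0, 0, true);
    enum outcome ungated = classify_syscall(MODE_PROT32, 0, "GenuineIntel", 0, 0, 0, false);
    printf("32-bit Intel guest, gated:   %s\n", names[gated]);
    printf("32-bit Intel guest, ungated: %s\n", names[ungated]);
    return 0;
}
```

The compatibility-mode case is the "64bit guests may behave in a wrong way" half of the report: a 32-bit process inside a 64-bit guest executing 0f05 must get #UD on an Intel vendor string but runs through CSTAR on AMD, so a correct gate has to consult both the mode and the vendor rather than only EFER.SCE.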