Date: Thu, 12 Dec 2013 21:49:17 +0100
From: Petr Matousek <pmatouse@...hat.com>
To: linux-distros@...openwall.org
Cc: ahonig@...gle.com, gleb@...hat.com, pbonzini@...hat.com,
    digitaleric@...gle.com, larsbull@...gle.com,
    oss-security@...ts.openwall.com
Subject: Re: [vs-plain] kvm issues

These bugs are public now.

@Gleb/@...lo -- can you please commit the patches upstream?

Thanks,
Petr

On Wed, Nov 27, 2013 at 06:32:32PM +0100, Petr Matousek wrote:
> Hello, vendors.
>
> We've been informed about four issues affecting kvm:
>
> CVE-2013-4587 kernel: kvm: rtc_status.dest_map out-of-bounds access
> CVE-2013-6367 kernel: kvm: division by zero in apic_get_tmcct()
> CVE-2013-6368 kernel: kvm: cross page vapic_addr access
> CVE-2013-6376 kernel: kvm: BUG_ON() in apic_cluster_id()
>
> Please see attachment for kvm upstream acked patches and descriptions.
>
> First three issues were found by Andrew Honig <ahonig@...gle.com> and
> the last one by Lars Bull <larsbull@...gle.com>
>
> All four issues are embargoed until 2013-12-12 12:12 UTC.
>
> Regards,
> --
> Petr Matousek / Red Hat Security Response Team
> PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3 D874 3E78 6F42 C449 77CA

Download attachment "kvm-issues.tgz" of type "application/x-gzip" (3912 bytes)