Date: Tue, 21 Oct 2014 13:48:03 -0700 From: Andy Lutomirski <luto@...capital.net> To: oss-security@...ts.openwall.com, Petr Matousek <pmatouse@...hat.com> Subject: CVE-2014-3690: KVM DoS triggerable by malicious host userspace [sorry for somewhat late notice -- I didn't notice that the patch was public until just now] KVM has a bug that allows malicious host user code that can open the /dev/kvm device on a VMX (Intel) machine to DoS the system. (In my proof of concept, the DoS is a rather spectacular failure of the whole system, although I haven't checked whether the kernel panics. A more refined exploit *might* be able to kill targetted user processes, but it would be tricky and is subject to possibly unavoidable races that are likely to take down the whole system.) This is *not* triggerable by a guest, although a guest that can compromise its host QEMU could use this bug to take down everything else running on the host. I would guess that all kernels that support VMX are vulnerable, but I haven't tested old kernels. The fix is here: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d974baa398f34393db76be45f7d4d04fbdbb4a0a PoC available upon request, and I'll post it publicly in a few days, because it's kind of fun to watch the fireworks. --Andy
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.