Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4AB2D8F2.4090002@kernel.sg>
Date: Fri, 18 Sep 2009 08:48:50 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers
 in rings > 0

"So far unprivileged guest callers running in ring 3 can issue, e.g., 
MMU hypercalls. Normally, such callers cannot provide any hand-crafted 
MMU command structure as it has to be passed by its physical address, 
but they can still crash the guest kernel by passing random addresses.

To close the hole, this patch considers hypercalls valid only if issued 
from guest ring 0. This may still be relaxed on a per-hypercall base in 
the future once required."

This was introduced in v2.6.25-rc1, and fixed in 2.6.31.

cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C

Upstream commit:
http://git.kernel.org/linus/07708c4af1346ab1521b26a202f438366b7bcffd

References:
http://patchwork.kernel.org/patch/38926/
https://bugzilla.redhat.com/show_bug.cgi?id=524124

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.