Full Disclosure mailing list archives
Possible VT-x enabled Intel CPU Crash Vulnerability
From: unknown user <mac68k () gmail com>
Date: Wed, 31 Mar 2010 01:24:49 +0900
Title: Possible VT-x enabled Intel CPU Crash Vulnerability Author: Kil13r - http://www.kil13r.info/ Local / Remote: Local (Confirmed) Time line: 2009/03/08 - Discover 2009/07/25 - Vendor notification 2010/03/30 - Release Affected version: Maybe all VT-x enabled Intel CPU (Tested under Intel Core 2 Duo T7400 Stepping B1 (VT-x enabled), Intel Core 2 Duo T7500 Stepping G0 (VT-x enabled)) Not affected version: All VT-x disabled Intel CPU Description: VT-x enabled Intel CPU have possible crash(hang or reboot) vulnerability. Vulnerability can triggered by coLinux 0.7.4 and VirtualBox 3.0.2. Proof of Concept code: None Proof of Concept example: 1. Case 1 1) Install and run any Windows(Windows 7 recommended) x86(32bit) host OS. 2) Install any VT-x enable VM(Windows Virtual PC Beta recommended) 3) Install any VT-x enable VM guest. 4) Install coLinux. 5) Install any coLinux guest. 6) Run both. 2. Case 2 1) Install and run any(Windows or Linux recommended) x86(32bit) host OS. 2) Install and run VirtualBox. 3) Install and run any x64(64bit) guest OS on VirtualBox. Proof of Concept screen shot: None References: 1) Sun xVM VirtualBox 3.0.2 User Manual [64-bit guest on some 32-bit host systems with VT-x, p.213] - http://download.virtualbox.org/virtualbox/3.0.2/UserManual.pdf 2) Problems with 32bit ubuntu host and 64bit RH5.3 guest - http://www.virtualbox.org/ticket/3558 3) slackware64 (64bit) guest hangs slackware (32bit) host during installation - http://www.virtualbox.org/ticket/4074 4) Snapshot 20090520 of version 0.8.0 with kernel 2.6.22.18, compiled with gcc 4.2.1 Detects other virtualization that is running in VMX mode (Virtual Box and Virtual PC). - http://colinux.org/snapshots/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Possible VT-x enabled Intel CPU Crash Vulnerability unknown user (Mar 31)