oss-sec mailing list archives
CVE request -- kernel: kvm: syscall instruction induced guest panic
From: Petr Matousek <pmatouse () redhat com>
Date: Wed, 11 Jan 2012 21:19:43 +0100
"32-bit guests will crash (and 64-bit guests may behave in a wrong way), for
example by simply executing the following nasm demo application:

    [bits 32]
    global _start
    SECTION .text
    _start:
        syscall

The reason seems to be a missing "invalid opcode" trap (int6) for the
syscall opcode "0f05", which is not available on Intel CPUs within
non-long modes, as also on some AMD CPUs within legacy mode (depending on
CPU vendor, MSR_EFER and cpuid). Because the previously mentioned OSs may
not engage the corresponding syscall target registers (STAR, LSTAR, CSTAR),
they remain NULL and (non-trapping) syscalls lead to multiple faults and
finally crashes."

References:
https://bugzilla.redhat.com/show_bug.cgi?id=773370
https://lkml.org/lkml/2011/12/28/170
http://www.spinics.net/lists/kvm/msg66633.html

Proposed patch:
http://www.spinics.net/lists/kvm/msg66633.html

Credits: Stephan Bärwolf

Introduced by: e66bb2ccdcf76d032bbb464b35c292bb3ee58f9b in linux-2.6.32

Thanks,
--
Petr Matousek / Red Hat Security Response Team
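The message above says the trap decision depends on CPU vendor, MSR_EFER and the current mode, and that a NULL STAR/LSTAR/CSTAR is what turns a non-trapping syscall into a crash. The block below is an added illustration of both points, written for this page; it is not KVM's code and not the proposed patch linked above. It models the check the SYSCALL emulator has to make before acting on opcode 0F 05 and the entry point the instruction would load if it is not trapped, and it carries a probe that a 32-bit binary can run inside a guest to see whether its hypervisor delivers #UD. The struct and function names (`vcpu_state`, `syscall_should_ud`, `syscall_target`, `ud_for`, `probe_syscall_traps`) are made up here; the vendor rules follow the Intel SDM and AMD APM descriptions of SYSCALL (Intel: 64-bit mode only; AMD: any non-real mode with EFER.SCE set), and treating an unrecognised vendor like Intel is an assumption of this model.

```c
/*
 * Added illustration, not KVM's code or the patch linked above: a user-space
 * model of the decision the SYSCALL emulator must make before acting on
 * opcode 0F 05, plus a probe a 32-bit guest binary can run to check that its
 * hypervisor delivers #UD. Names are hypothetical; vendor rules follow the
 * Intel SDM and AMD APM descriptions of SYSCALL.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <setjmp.h>

#define EFER_SCE (1ULL << 0)   /* MSR_EFER.SCE: SYSCALL/SYSRET enable */

enum cpu_mode { MODE_REAL, MODE_PROT32, MODE_COMPAT32, MODE_LONG64 };

/* Hypothetical vCPU snapshot: only the state the decision depends on. */
struct vcpu_state {
    char vendor[13];             /* CPUID.0 vendor string, e.g. "GenuineIntel" */
    uint64_t efer;               /* MSR_EFER */
    uint64_t star, lstar, cstar; /* SYSCALL target MSRs */
    enum cpu_mode mode;
};

/* True if SYSCALL must raise #UD in this state, false if it executes. */
bool syscall_should_ud(const struct vcpu_state *v)
{
    if (v->mode == MODE_REAL)
        return true;                 /* never valid in real mode */
    if (!(v->efer & EFER_SCE))
        return true;                 /* both vendors: #UD while SCE=0 */
    if (v->mode == MODE_LONG64)
        return false;                /* 64-bit mode: valid on both vendors */
    /* Legacy protected or compatibility mode: only AMD executes it here. */
    if (strcmp(v->vendor, "AuthenticAMD") == 0)
        return false;
    /* Intel, and (an assumption of this model) any unknown vendor: 64-bit only. */
    return true;
}

/* Entry point SYSCALL loads when it is not trapped: STAR[31:0] in legacy
 * mode, CSTAR in compatibility mode, LSTAR in 64-bit mode. An OS that never
 * wrote these MSRs leaves them at 0: the NULL target the report describes. */
uint64_t syscall_target(const struct vcpu_state *v)
{
    switch (v->mode) {
    case MODE_LONG64:   return v->lstar;
    case MODE_COMPAT32: return v->cstar;
    default:            return v->star & 0xffffffffULL;
    }
}

/* Convenience wrapper so a state can be described in one call. */
bool ud_for(const char *vendor, uint64_t efer, enum cpu_mode mode)
{
    struct vcpu_state v = { "", efer, 0, 0, 0, mode };
    strncpy(v.vendor, vendor, sizeof v.vendor - 1);
    return syscall_should_ud(&v);
}

#if defined(__i386__)
/* Probe for a 32-bit binary run inside the guest: returns 1 if SYSCALL raised
 * #UD (SIGILL), 0 if it executed. eax is set to 20 (getpid on 32-bit Linux)
 * so that, should it execute, the call is harmless. On a KVM host with the
 * bug above, a 32-bit guest kernel crashes instead of either outcome. */
static sigjmp_buf probe_env;
static void on_sigill(int sig) { (void)sig; siglongjmp(probe_env, 1); }

int probe_syscall_traps(void)
{
    struct sigaction sa;
    int ret;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigill;
    sigaction(SIGILL, &sa, NULL);
    if (sigsetjmp(probe_env, 1))
        return 1;
    __asm__ volatile("syscall" : "=a"(ret) : "a"(20) : "ecx", "memory");
    (void)ret;
    return 0;
}
#endif

int main(void)
{
    struct vcpu_state amd = { "AuthenticAMD", EFER_SCE, 0, 0, 0, MODE_PROT32 };
    printf("Intel, 32-bit protected mode, SCE=1: %s\n",
           ud_for("GenuineIntel", EFER_SCE, MODE_PROT32) ? "#UD" : "executes");
    printf("AMD, 32-bit protected mode, SCE=1: %s, target EIP=0x%llx\n",
           syscall_should_ud(&amd) ? "#UD" : "executes",
           (unsigned long long)syscall_target(&amd));
#if defined(__i386__)
    printf("probe: %s\n", probe_syscall_traps() ? "#UD delivered" : "no trap");
#endif
    return 0;
}
```

Build the probe with a 32-bit toolchain (e.g. `gcc -m32`) and run it inside the guest: a correctly trapping hypervisor reports "#UD delivered" on an Intel-flavoured vCPU, while the model shows why the AMD legacy-mode case with SCE set is different: the instruction executes and jumps to whatever STAR[31:0] holds, which is 0 when the guest OS never programmed it.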
Current thread:
- CVE request -- kernel: kvm: syscall instruction induced guest panic Petr Matousek (Jan 11)
- Re: CVE request -- kernel: kvm: syscall instruction induced guest panic Kurt Seifried (Jan 11)