oss-sec mailing list archives

Re: CVE request: Kernel: kvm: stack memory information leakage

From: <cve-assign () mitre org>
Date: Thu, 1 Dec 2016 14:13:14 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support
is vulnerable to an information leakage issue. It could occur on x86 platform,
in 32bit mode, while emulating instructions.

A user/process could use this flaw to leak host kernel memory bytes.

https://bugzilla.redhat.com/show_bug.cgi?id=1400468
https://git.kernel.org/linus/2117d5398c81554fbf803f5fd1dc55eb78216c0c

KVM: x86: drop error recovery in em_jmp_far and em_ret_far

was left uninitialized outside of long mode


Use CVE-2016-9756.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYQHXsAAoJEHb/MwWLVhi2TgcQAIG2Ktz53lW9raKviMre4rfZ
X2KyP4Z3K5IKcpMhKZRIFbwTE9VdN7T+w6avgh896X/b+qOyL4iAyXSumVMVsAzZ
I5tr0qxJvL1wybm5v/+w+dwWySE9rETa6kYxhjt/SPqvNiO2MluysS2zt1IjG2IT
oN+NnXWOk5rgfl4lp3Ei2sbLOU/0dWd0XgVRVmA332toD+w+AcsHCQBPy0Bba11B
CHE8pzNqQr5R0237OuCEXd5aAQVw7YJKz6oQVii1HjK523m7Cf/C1NH6k/lAQby4
mJcuC41yApyiPB/Ch2iUg1IKg6b2b1himL12kDEgTvgejE/4x0BNTaMw5bYCPSAe
RhCNNMLmhKy6VBB3aUTKIGoFa0q/DplL9jGG5Jy2LQ9tg1rC68MWqrSdlHDDscxu
svTUMiPpboh83D5BYhVTXajQzVEgFktbGyycOgfT2cos5imbF9RPXYtu/QD5e+Pp
T/9ziafUnQ1YrU3X2wpV/v0P8mFoxsDVrEu8AMvvB/Q+tKyB62rSV/Fc952M52K3
eeJPGEC83G7O51ZAuEXGaJGqSTQ90UrPM38fOJIYOmX18HwaBIyEdBFvhXshpjYE
UfCjLblQYcnV3Ba02CjbA9MSkzfuClGXwHVBTPkIi8aV+BDKlR958wNrjO+HWQl/
44D1okf1EQ/QqrejB32l
=YB5I
-----END PGP SIGNATURE-----

Current thread:

CVE request: Kernel: kvm: stack memory information leakage P J P (Dec 01)
- Re: CVE request: Kernel: kvm: stack memory information leakage cve-assign (Dec 01)