oss-sec mailing list archives
Re: CVE request: Kernel: kvm: out of bounds memory access via vcpu_id
From: <cve-assign () mitre org>
Date: Fri, 2 Dec 2016 13:01:32 -0500
Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to an out-of-bounds memory access issue. It could occur on x86 platform, while servicing I/O APIC requests with larger vcpu_id. A guest user/process could use this flaw to crash the host kernel resulting in DoS or it could potentially be used to escalate privileges on a host.

https://git.kernel.org/linus/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755
https://bugzilla.redhat.com/show_bug.cgi?id=1400804
KVM: x86: fix out-of-bounds accesses of rtc_eoi map

KVM was using arrays of size KVM_MAX_VCPUS with vcpu_id, but ID can be bigger than the maximal number of VCPUs, resulting in out-of-bounds access.
Use CVE-2016-9777.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
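The sizing mistake described in the quoted commit message, as an added user-space illustration (not the kernel's code and not part of the original message): state indexed by vcpu_id has to be sized by the ID space rather than by the vCPU count, and each ID checked before it is used as an index. The struct, function names and both limits are constructed for this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed limits for this model, not the kernel's values. */
#define MODEL_MAX_VCPUS   8u   /* how many vCPUs a VM may have */
#define MODEL_MAX_VCPU_ID 32u  /* exclusive upper bound on vcpu_id */

/* Hypothetical per-vCPU pending-EOI state, keyed by vcpu_id. */
struct eoi_map {
    uint8_t pending[MODEL_MAX_VCPU_ID / 8]; /* one bit per possible ID */
    uint8_t vector[MODEL_MAX_VCPU_ID];      /* one slot per possible ID */
};

/* Slots past the end of a MODEL_MAX_VCPUS-sized array for this ID (0 = in bounds). */
unsigned int overrun_if_count_sized(unsigned int vcpu_id)
{
    return vcpu_id < MODEL_MAX_VCPUS ? 0 : vcpu_id - MODEL_MAX_VCPUS + 1;
}

/* Record a pending vector; IDs outside the ID space are rejected, never indexed. */
int eoi_map_set(struct eoi_map *m, unsigned int vcpu_id, uint8_t vec)
{
    if (vcpu_id >= MODEL_MAX_VCPU_ID)
        return -1;
    m->pending[vcpu_id / 8] |= (uint8_t)(1u << (vcpu_id % 8));
    m->vector[vcpu_id] = vec;
    return 0;
}

/* Returns the stored vector, or -1 if nothing is pending for this ID. */
int eoi_map_get(const struct eoi_map *m, unsigned int vcpu_id)
{
    if (vcpu_id >= MODEL_MAX_VCPU_ID ||
        !(m->pending[vcpu_id / 8] & (1u << (vcpu_id % 8))))
        return -1;
    return m->vector[vcpu_id];
}

int main(void)
{
    /* Constructed case: three vCPUs (under the count limit), sparse IDs. */
    const unsigned int ids[] = { 0, 9, 31 };
    struct eoi_map m = { {0}, {0} };
    for (int i = 0; i < 3; i++)
        printf("id %u: overrun %u, set %d\n", ids[i],
               overrun_if_count_sized(ids[i]), eoi_map_set(&m, ids[i], 0x40));
    return 0;
}
```

In this model a VM with only three vCPUs still produces indices 9 and 31, which is why a limit on the number of vCPUs does not bound the index.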
Current thread:
- CVE request: Kernel: kvm: out of bounds memory access via vcpu_id P J P (Dec 01)
- Re: CVE request: Kernel: kvm: out of bounds memory access via vcpu_id cve-assign (Dec 02)