Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request -- kernel: kvm: syscall instruction induced guest panic
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 11 Jan 2012 17:09:25 -0700

On 01/11/2012 01:19 PM, Petr Matousek wrote:
"32bit guests will crash (and 64bit guests may behave in a
wrong way) for example by simply executing following

    [bits 32]
    global _start
    SECTION .text
    _start: syscall

The reason seems a missing "invalid opcode"-trap (int6) for the
syscall opcode "0f05", which is not available on Intel CPUs
within non-longmodes, as also on some AMD CPUs within legacy-mode.
(depending on CPU vendor, MSR_EFER and cpuid)

Because previous mentioned OSs may not engage corresponding
syscall target-registers (STAR, LSTAR, CSTAR), they remain
NULL and (non trapping) syscalls are leading to multiple
faults and finally crashs."


Proposed patch:

Stephan Bärwolf

Introduced by:
e66bb2ccdcf76d032bbb464b35c292bb3ee58f9b in linux-2.6.32

Please use CVE-2012-0045 for this issue.


-- Kurt Seifried / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]