Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set
From: Petr Matousek <pmatouse () redhat com>
Date: Tue, 6 Nov 2012 19:30:40 +0100

A flaw has been found in the way Linux kernel's KVM subsystem handled
vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts
without the XSAVE feature and using qemu userspace an unprivileged
local user could use this flaw to crash the system.

Acknowledgements:

Red Hat would like to thank Jon Howell for reporting this issue.

Proposed upstream fix:
http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742

References:
https://bugzilla.redhat.com/show_bug.cgi?id=862900
http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
  • CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set Petr Matousek (Nov 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]