oss-sec mailing list archives
Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak
From: Eugene Teo <eugene () redhat com>
Date: Thu, 06 Jan 2011 16:38:53 +0800
On 01/06/2011 04:16 AM, Greg KH wrote:
On Wed, Jan 05, 2011 at 12:14:28PM +0800, Eugene Teo wrote:In addition to CVE-2010-3881, some versions of the Linux kernel forgot to initialize the kvm_vcpu_events.interrupt.pad field before being copied to userspace. I have assigned CVE-2010-4525 to this. I briefly checked, linux-2.6.33/34.y are affected, linux-2.6/.31/.32.y are not. https://bugzilla.redhat.com/CVE-2010-4525Is there a fix for this in the upstream kernels? How about kernels greater than .35?
The upstream kernel and .35.y onwards are not affected. Thanks, Eugene
Current thread:
- CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Eugene Teo (Jan 04)
- Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Greg KH (Jan 05)
- Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Eugene Teo (Jan 06)
- Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Greg KH (Jan 05)