Re: CVE request -- kernel: kvm: syscall instruction induced guest panic

[Kurt Seifried <kseifried () redhat com>]

On 01/11/2012 01:19 PM, Petr Matousek wrote:
> "32bit guests will crash (and 64bit guests may behave in a
> wrong way) for example by simply executing following
> nasm-demo-application:
>
>     [bits 32]
>     global _start
>     SECTION .text
>     _start: syscall
>
> The reason seems a missing "invalid opcode"-trap (int6) for the
> syscall opcode "0f05", which is not available on Intel CPUs
> within non-longmodes, as also on some AMD CPUs within legacy-mode.
> (depending on CPU vendor, MSR_EFER and cpuid)
>
> Because previous mentioned OSs may not engage corresponding
> syscall target-registers (STAR, LSTAR, CSTAR), they remain
> NULL and (non trapping) syscalls are leading to multiple
> faults and finally crashs."
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=773370
> https://lkml.org/lkml/2011/12/28/170
> http://www.spinics.net/lists/kvm/msg66633.html
>
> Proposed patch:
> http://www.spinics.net/lists/kvm/msg66633.html
>
> Credits:
> Stephan Bärwolf
>
> Introduced by:
> e66bb2ccdcf76d032bbb464b35c292bb3ee58f9b in linux-2.6.32
>
> Thanks,
Please use CVE-2012-0045 for this issue.

-- 

-- Kurt Seifried / Red Hat Security Response Team