Vigil@nce: Linux kernel, denial of service via KVM and BIOS 80
May 2009 by Vigil@nce
An attacker in a KVM environment can write to the BIOS port 0x80
in order to stop the system.
Severity: 1/4
Consequences: denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: medium (2/3)
Creation date: 19/05/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The BIOS can be accessed via input/output ports:
– 0x20, 21, A0, A1 : PIC (Programmable Interrupt Controller) to
configure IRQs
– 0x60, 64 : keyboard data and control
– 0x80 : last POST (Power-On Self Test) code, which indicates the
error code of the last action:
+ 0x28 : testing memory
+ 0x95 : keyboard self test
+ etc.
+ 0x00 : ready to boot
– etc.
Port 0x80 can only be read. However, some computers are
buggy, and stop when a user writes to port 0x80.
The standard Linux kernel does not allow a user to write to
port 0x80. However, KVM (Kernel Virtual Machine) allows it.
An attacker located in a KVM guest can thus stop the host system.
CHARACTERISTICS
Identifiers: BID-35000, VIGILANCE-VUL-8721
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-KVM-and-BIOS-80-8721