Vigil@nce: Linux kernel, denial of service via KVM
December 2009 by Vigil@nce
An attacker in a KVM guest system can use an overlong x86
instruction to cause a denial of service.
– Severity: 1/4
– Consequences: denial of service of computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 09/12/2009
IMPACTED PRODUCTS
– Linux kernel
– Red Hat Enterprise Linux
DESCRIPTION OF THE VULNERABILITY
The KVM (Kernel-based Virtual Machine) feature of the Linux kernel
is used to run virtualized guest systems.
Instructions of x86 processors are limited to 15 bytes. However,
the do_insn_fetch() function of the arch/x86/kvm/emulate.c file
does not enforce this limit and accepts longer instructions, which
slows the system.
An attacker in a KVM guest system can therefore use an overlong x86
instruction to cause a denial of service.
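A minimal model of a fetch routine that enforces the 15-byte limit described above. This is an added example, not the kernel's code and not part of the original advisory: the struct, the function names and the byte samples are assumptions made for illustration, and the toy decoder only handles legacy prefixes followed by a one-byte opcode.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_INSN_LEN 15  /* architectural limit on x86 instruction length */

/* Hypothetical fetch state (an assumption of this example). */
struct fetch_ctx {
    const uint8_t *mem;  /* constructed guest code bytes */
    size_t len, pos;     /* pos is counted from the instruction's first byte */
};

/* Fetch one byte; refuse the byte that would make the instruction > 15 bytes. */
static int fetch_byte(struct fetch_ctx *c, uint8_t *out)
{
    if (c->pos + 1 > MAX_INSN_LEN || c->pos >= c->len)
        return -1;
    *out = c->mem[c->pos++];
    return 0;
}

static int is_legacy_prefix(uint8_t b)
{
    static const uint8_t p[] = {0x26,0x2e,0x36,0x3e,0x64,0x65,0x66,0x67,0xf0,0xf2,0xf3};
    return memchr(p, b, sizeof p) != NULL;
}

/* Toy decoder: legacy prefixes, then one opcode byte. Returns length or -1. */
int decode_len(const uint8_t *mem, size_t len)
{
    struct fetch_ctx c = { mem, len, 0 };
    uint8_t b;
    do {
        if (fetch_byte(&c, &b) < 0)
            return -1;
    } while (is_legacy_prefix(b));
    return (int)c.pos;
}

#define PFX 0x66  /* constructed samples: N operand-size prefixes, then NOP (0x90) */
const uint8_t insn_2[]  = { PFX, 0x90 };
const uint8_t insn_15[] = { PFX,PFX,PFX,PFX,PFX,PFX,PFX, PFX,PFX,PFX,PFX,PFX,PFX,PFX, 0x90 };
const uint8_t insn_16[] = { PFX,PFX,PFX,PFX,PFX,PFX,PFX,PFX, PFX,PFX,PFX,PFX,PFX,PFX,PFX, 0x90 };

int main(void)
{
    printf("%d %d %d\n", decode_len(insn_2, sizeof insn_2),
           decode_len(insn_15, sizeof insn_15), decode_len(insn_16, sizeof insn_16));
    return 0;
}
```

The check sits in the single fetch path, so the decoder cannot consume more than 15 bytes for one instruction regardless of how the bytes are arranged.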
CHARACTERISTICS
– Identifiers: BID-37130, CVE-2009-4031, RHSA-2009:1659-01,
VIGILANCE-VUL-9257
– URL: http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-KVM-9257