Vigil@nce: Linux kernel, denial of service of virtio
December 2009 by Marc Jacob
An attacker in a guest KVM/QEMU system can use virtio, in order to
stop the guest system.
Severity: 1/4
Consequences: denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 11/12/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The virtio interface of the Linux kernel is used by guest systems
to access to virtualized hardware.
An attacker located in a guest system can send malformed data to
the virtio network interface, in order to generate an error in the
kernel.
An attacker in a guest KVM/QEMU system can thus use virtio, in
order to stop the guest system.
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-9272
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-of-virtio-9272