Vigil@nce - Linux kernel: denial of service via KVM syscall
January 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker located in a KVM guest system can run a malformed
program in order to stop the system.
Severity: 1/4
Creation date: 12/01/2012
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The arch/x86/kvm/emulate.c file implements support for KVM
(Kernel-based Virtual Machine).
The "syscall" assembler instruction transfers control to a kernel
procedure that runs with elevated privileges. When assembled,
"syscall" is encoded as the opcode "0F05".
The "0F05" opcode is not valid on a 32-bit processor. However, KVM
does not handle this case and generates an "illegal instruction"
exception, which stops the system.
An attacker located in a KVM guest system can therefore run a
malformed program in order to stop the system.
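The following program is an added illustration and is not code from the Linux kernel or from the Vigil@nce bulletin. It models, in a few dozen lines of C, the defensive check an instruction emulator needs around the SYSCALL opcode: the weak variant emulates "0F 05" regardless of the guest's CPU mode, while the hardened variant only emulates it in 64-bit mode with EFER.SCE set and otherwise reflects an invalid-opcode fault (#UD) back to the guest, exactly as the processor itself would. All names (guest_ctx, emulate_unchecked, emulate_checked, the register values) are hypothetical; the model follows the behaviour the bulletin describes, in which SYSCALL is undefined outside 64-bit mode, and deliberately leaves out the AMD legacy-mode SYSCALL variant, segment selector loading and the IA32_FMASK flag mask.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Hypothetical, simplified model of an x86 instruction emulator's
 * handling of SYSCALL (opcode 0F 05). This is NOT arch/x86/kvm/emulate.c,
 * only an illustration of the missing mode check the bulletin describes. */

enum cpu_mode { MODE_REAL, MODE_VM86, MODE_PROT32, MODE_LONG64 };

enum emul_result {
    EMUL_DONE,      /* instruction emulated, guest state updated             */
    EMUL_UD,        /* reject: inject #UD (invalid opcode) into the guest    */
    EMUL_UNHANDLED  /* not a SYSCALL encoding; caller decodes something else */
};

/* Minimal guest register state touched by SYSCALL (constructed model). */
struct guest_ctx {
    enum cpu_mode mode;
    uint64_t efer;     /* EFER.SCE (bit 0) enables SYSCALL/SYSRET            */
    uint64_t rip, rflags, rcx, r11;
    uint64_t lstar;    /* 64-bit SYSCALL entry point (IA32_LSTAR MSR)         */
};

#define EFER_SCE (1ULL << 0)

/* Decode the two-byte escape opcode 0F 05. Returns 1 for SYSCALL, else 0. */
static int is_syscall_opcode(const uint8_t *insn, size_t len)
{
    return len >= 2 && insn[0] == 0x0F && insn[1] == 0x05;
}

/* Architectural effect of SYSCALL in 64-bit mode (simplified: segment
 * selectors and the RFLAGS mask from IA32_FMASK are omitted). */
static void do_syscall_64(struct guest_ctx *g)
{
    g->rcx = g->rip;       /* return address saved in RCX    */
    g->r11 = g->rflags;    /* RFLAGS saved in R11            */
    g->rip = g->lstar;     /* jump to the kernel entry point */
}

/* Weak version: emulates SYSCALL no matter which mode the guest is in,
 * so a 32-bit guest that executes 0F 05 is driven through 64-bit syscall
 * semantics it could never have entered on real hardware. */
enum emul_result emulate_unchecked(struct guest_ctx *g, const uint8_t *insn, size_t len)
{
    if (!is_syscall_opcode(insn, len))
        return EMUL_UNHANDLED;
    do_syscall_64(g);
    return EMUL_DONE;
}

/* Hardened version: SYSCALL is emulated only where the architecture
 * defines it. Elsewhere the emulator returns the same #UD the processor
 * would raise, and the guest kernel treats it as an ordinary
 * invalid-opcode fault in the offending process instead of crashing. */
enum emul_result emulate_checked(struct guest_ctx *g, const uint8_t *insn, size_t len)
{
    if (!is_syscall_opcode(insn, len))
        return EMUL_UNHANDLED;
    if (g->mode != MODE_LONG64)      /* undefined outside 64-bit mode     */
        return EMUL_UD;
    if (!(g->efer & EFER_SCE))       /* SYSCALL not enabled by guest OS   */
        return EMUL_UD;
    do_syscall_64(g);
    return EMUL_DONE;
}

/* Constructed sample: the machine code of a bare "syscall" instruction. */
static const uint8_t sample_syscall[] = { 0x0F, 0x05 };

int main(void)
{
    /* Constructed register values for a 32-bit protected-mode guest. */
    struct guest_ctx base = { .mode = MODE_PROT32, .efer = 0, .rip = 0x08048000,
                              .rflags = 0x202, .lstar = 0xffffffff81000000ULL };
    struct guest_ctx g32_weak = base, g32_hard = base, g64 = base;
    g64.mode = MODE_LONG64;
    g64.efer = EFER_SCE;

    printf("32-bit guest, unchecked emulator: %d (0=emulated, 1=#UD)\n",
           emulate_unchecked(&g32_weak, sample_syscall, sizeof sample_syscall));
    printf("32-bit guest, checked emulator:   %d\n",
           emulate_checked(&g32_hard, sample_syscall, sizeof sample_syscall));
    printf("64-bit guest, checked emulator:   %d\n",
           emulate_checked(&g64, sample_syscall, sizeof sample_syscall));
    return 0;
}
```

The point of the two variants is the order of checks: the mode and EFER.SCE tests come before any guest state is modified, so a rejected instruction leaves RIP, RCX and R11 untouched and the guest sees nothing but the #UD it would get on bare metal.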
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-KVM-syscall-11279