Vigil@nce - Linux kernel: denial of service via KVM apic_get_tmcct
December 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker located in a guest system can generate an arithmetic
error in the KVM apic_get_tmcct() function of the Linux kernel, in
order to trigger a denial of service.
– Impacted products: Linux, RHEL
– Severity: 1/4
– Creation date: 13/12/2013
DESCRIPTION OF THE VULNERABILITY
The KVM (Kernel Virtual Machine) feature is used for
virtualization.
The apic_get_tmcct() function of the /arch/x86/kvm/lapic.c file
obtains the value of a time counter. However, an attacker can use
APIC_TMCCT to trigger a division by zero.
An attacker located in a guest system can therefore generate an
arithmetic error in the KVM apic_get_tmcct() function of the Linux
kernel, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-KVM-apic-get-tmcct-13944