Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Linux kernel, memory access in KVM

February 2010 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

An attacker located inside a KVM guest system can read or access memory with elevated privileges.

Severity: 2/4

Consequences: administrator access/rights, privileged access/rights, data reading, data creation/edition

Provenance: user shell

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 09/02/2010

IMPACTED PRODUCTS

- Debian Linux
- Linux kernel
- Red Hat Enterprise Linux

DESCRIPTION OF THE VULNERABILITY

A x86 processor has 4 rings associated to privileges:
- ring 0 : all memory accesses and all assembler instructions are allowed
- ring 3 : memory access is restricted to segments with the same privilege level

The gva_to_gpa() function of the KVM arch/x86/kvm/emulate.c emulator does not check the CPL (Current Privilege Level) before doing a memory operation.

An attacker located inside a KVM guest system can therefore read or access memory with elevated privileges.

CHARACTERISTICS

Identifiers: 559091, BID-38158, CVE-2010-0298, DSA-1996-1, RHSA-2010:0088-02, VIGILANCE-VUL-9422

http://vigilance.fr/vulnerability/L...




See previous articles

    

See next articles