Linux kernel: denial of service via KVM_GET_REG_LIST
Synthesis of the vulnerability
When an ARM system is configured with KVM, a local attacker can use the KVM_GET_REG_LIST ioctl of the Linux kernel, in order to trigger a denial of service.
Impacted products:
BID-61995, CVE-2013-5634, VIGILANCE-VUL-13315.
Description of the vulnerability
When KVM is configured on an ARM processor, users can access a virtual CPU (VCPU).
The KVM_ARM_VCPU_INIT ioctl initializes the resource, and the KVM_GET_REG_LIST ioctl lists register information. However, several functions of the arch/arm/kvm/arm.c file do not check whether KVM_ARM_VCPU_INIT was called. The kernel then accesses an invalid memory area.
When an ARM system is configured with KVM, a local attacker can therefore use the KVM_GET_REG_LIST ioctl of the Linux kernel, in order to trigger a denial of service.
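The missing initialization check described above, shown as an added user-space C model; it is not kernel code and not part of the bulletin. All type and function names, the register ids, and the error codes returned are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified user-space model; every name here is hypothetical. */
enum vcpu_cmd { CMD_VCPU_INIT, CMD_GET_REG_LIST };
struct reg_list { uint64_t n; uint64_t *reg; };        /* caller's buffer */
struct reg_table { size_t n; const uint64_t *ids; };
struct vcpu { int target; };                           /* -1 until init */

static const uint64_t ids0[] = { 0x1001, 0x1002, 0x1003 };  /* constructed */
static const struct reg_table tables[] = { { 3, ids0 } };
#define NTARGETS ((int)(sizeof tables / sizeof tables[0]))

void vcpu_create(struct vcpu *v) { v->target = -1; }

/* Returns NULL when the VCPU has no valid target, i.e. before init. */
static const struct reg_table *table_for(int target)
{
    return (target >= 0 && target < NTARGETS) ? &tables[target] : NULL;
}

static int get_reg_list(const struct vcpu *v, struct reg_list *out)
{
    const struct reg_table *t = table_for(v->target);
    uint64_t room = out->n;

    out->n = t->n;            /* NULL dereference here if the guard is missing */
    if (room < t->n)
        return -E2BIG;        /* required count already written to out->n */
    for (size_t i = 0; i < t->n; i++)
        out->reg[i] = t->ids[i];
    return 0;
}

int vcpu_ioctl(struct vcpu *v, enum vcpu_cmd cmd, void *arg)
{
    switch (cmd) {
    case CMD_VCPU_INIT: {
        int target = *(const int *)arg;
        if (!table_for(target))
            return -EINVAL;
        v->target = target;
        return 0;
    }
    case CMD_GET_REG_LIST:
        if (v->target < 0)    /* the missing check: init must come first */
            return -ENOEXEC;
        return get_reg_list(v, arg);
    }
    return -EINVAL;
}
```

Placing the guard in the dispatcher, rather than in each handler, means any state-dependent command added later can reuse the same check.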