|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Linux kernel: denial of service via EFER
Synthesis of the vulnerability
On an x86 virtualized computer, a local attacker can use EFER to stop the system.
Impacted systems: Debian, Linux, openSUSE, SLES.
Severity of this alert: 1/4.
Consequences of an intrusion: denial of service on server.
Pirate's origin: user shell.
Creation date: 01/04/2009.
Références of this alert: BID-34331, CERTA-2002-AVI-235, CVE-2009-1242, DSA-1787-1, DSA-1800-1, SUSE-SA:2009:031, SUSE-SA:2009:032, VIGILANCE-VUL-8585.
Description of the vulnerability
An x86 processor supports VMX (Virtual Machine Extensions).
The vmx_set_msr() function of the arch/x86/kvm/vmx.c file sets MSR (Model Specific Registers):
- MSR_EFER : extended feature
- MSR_STAR : legacy mode syscall target
The EFER MSR is specific to x64 processors. However, in a i386 virtual machine, the vmx_set_msr() function tries to set it, which panics the kernel.
On an x86 virtualized computer, a local attacker can therefore use EFER to stop the system.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a software vulnerabilities bulletin. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.