The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Linux kernel: denial of service via KVM_GET_REG_LIST
Synthesis of the vulnerability
When an ARM system is configured with KVM, a local attacker can use the KVM_GET_REG_LIST ioctl of the Linux kernel, in order to trigger a denial of service.
Vulnerable software: Linux, openSUSE.
Severity of this announcement: 2/4.
Consequences of an intrusion: denial of service on server.
Attacker's origin: user shell.
Creation date: 26/08/2013.
References of this computer vulnerability: BID-61995, CVE-2013-5634, openSUSE-SU-2016:3021-1, VIGILANCE-VUL-13315.
Description of the vulnerability
When KVM is configured on an ARM processor, users can access a virtual CPU (VCPU).
The KVM_ARM_VCPU_INIT ioctl initializes the resource, and the KVM_GET_REG_LIST ioctl lists register information. However, several functions of the arch/arm/kvm/arm.c file do not check whether KVM_ARM_VCPU_INIT was called. The kernel then accesses an invalid memory area.
When an ARM system is configured with KVM, a local attacker can therefore use the KVM_GET_REG_LIST ioctl of the Linux kernel, in order to trigger a denial of service.
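The missing check described above, as a small user-space model added here for illustration; it is not the kernel's code and not part of the Vigil@nce bulletin. The names model_vcpu, model_target and model_vcpu_init, the register IDs and the -ENOEXEC return value are assumptions of this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins: a CPU target descriptor and a VCPU that
 * only points at one after the init request has been made. */
struct model_target { const uint64_t *reg_ids; size_t nregs; };
struct model_vcpu   { const struct model_target *target; };

/* Constructed register IDs, not real KVM encodings. */
static const uint64_t sample_ids[] = { 0x1001, 0x1002, 0x1003 };
static const struct model_target sample_target = { sample_ids, 3 };

/* Models the init request: binds a target to the VCPU. */
int model_vcpu_init(struct model_vcpu *v)
{
    v->target = &sample_target;
    return 0;
}

/* Flawed pattern: assumes init already ran. With target == NULL the
 * first line reads through an invalid pointer. */
int model_get_reg_list_unchecked(const struct model_vcpu *v,
                                 uint64_t *out, size_t cap)
{
    size_t i, n = v->target->nregs;
    for (i = 0; i < n && i < cap; i++)
        out[i] = v->target->reg_ids[i];
    return (int)i;
}

/* Hardened pattern: refuse the request until the VCPU is initialized. */
int model_get_reg_list_checked(const struct model_vcpu *v,
                               uint64_t *out, size_t cap)
{
    if (v == NULL || v->target == NULL)
        return -ENOEXEC;              /* error code chosen for this model */
    return model_get_reg_list_unchecked(v, out, cap);
}

int main(void)
{
    struct model_vcpu v = { NULL };
    uint64_t ids[8];
    printf("before init: %d\n", model_get_reg_list_checked(&v, ids, 8));
    model_vcpu_init(&v);
    printf("after init:  %d\n", model_get_reg_list_checked(&v, ids, 8));
    return 0;
}
```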