KVM Structure Initialization Error Lets Local Users Obtain Portions of Kernel Memory
SecurityTracker Alert ID: 1024912
SecurityTracker URL: http://securitytracker.com/id/1024912
CVE Reference: CVE-2010-3881
Date: Dec 20 2010
Impact:
Disclosure of system information
Fix Available: Yes Vendor Confirmed: Yes
Description:
A vulnerability was reported in KVM. A local user can obtain portions of kernel memory.
Some structure padding and reserved fields in certain data structures in QEMU-KVM are not properly initialized. A privileged local host user with access to '/dev/kvm' can obtain portions of kernel stack memory.
The kvm_vcpu_events, kvm_debugregs, kvm_pit_state2, and kvm_clock_data structures are affected.
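The bug class the description names, as an added example written for this page (it is not code from the kernel or from the referenced commit): a constructed structure `demo_state` with compiler padding and a reserved field stands in for the affected kvm_* structures, `fill_named_fields` mirrors a handler that assigns only the fields it computes, and `memcpy` stands in for copy_to_user(). Stale kernel stack contents are simulated with a marker byte so the result is deterministic rather than dependent on undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an ioctl result structure. The real
 * kvm_vcpu_events, kvm_debugregs, kvm_pit_state2 and kvm_clock_data
 * layouts live in the kernel's uapi headers; this one reproduces only the
 * two ingredients of the bug: implicit compiler padding (after 'flags')
 * and an explicit reserved field that the handler never writes. */
struct demo_state {
    uint8_t  flags;        /* followed by compiler-inserted padding */
    uint64_t value;
    uint32_t reserved[3];  /* "must be zero", untouched by the old code */
};

/* Marker simulating stale data left on the kernel stack by earlier calls.
 * Any non-zero value works; 0xAA is merely easy to recognise in a dump. */
#define STALE_BYTE 0xAA

/* Common part: write only the fields the handler actually computes.
 * This mirrors the pre-fix pattern of assigning named fields one by one. */
static void fill_named_fields(struct demo_state *s)
{
    s->flags = 0x01;
    s->value = 0x1122334455667788ULL;
}

/* Count bytes outside the named fields that still carry the stale marker.
 * Every such byte would reach user space through copy_to_user(). */
static size_t stale_bytes_outside_named_fields(const struct demo_state *s)
{
    const unsigned char *p = (const unsigned char *)s;
    size_t leaked = 0;
    for (size_t i = 0; i < sizeof(*s); i++) {
        int in_flags = i >= offsetof(struct demo_state, flags) &&
                       i <  offsetof(struct demo_state, flags) + sizeof(s->flags);
        int in_value = i >= offsetof(struct demo_state, value) &&
                       i <  offsetof(struct demo_state, value) + sizeof(s->value);
        if (!in_flags && !in_value && p[i] == STALE_BYTE)
            leaked++;
    }
    return leaked;
}

/* Vulnerable shape: the object lives on the stack, stale bytes remain in
 * the padding and the reserved field, and the whole object is copied out. */
size_t leaked_bytes_unpatched(void)
{
    struct demo_state s, user_copy;

    memset(&s, STALE_BYTE, sizeof(s));   /* simulate stale stack contents */
    fill_named_fields(&s);
    memcpy(&user_copy, &s, sizeof(s));   /* stand-in for copy_to_user() */
    return stale_bytes_outside_named_fields(&user_copy);
}

/* Fixed shape: zero the whole object first, so neither padding nor the
 * reserved field can carry stale kernel data to user space. */
size_t leaked_bytes_patched(void)
{
    struct demo_state s, user_copy;

    memset(&s, STALE_BYTE, sizeof(s));   /* simulate stale stack contents */
    memset(&s, 0, sizeof(s));            /* the remedy: clear before filling */
    fill_named_fields(&s);
    memcpy(&user_copy, &s, sizeof(s));
    return stale_bytes_outside_named_fields(&user_copy);
}

/* Bytes the unpatched handler exposes: everything except the two fields it
 * writes. Padding depends on the ABI, so derive the figure instead of
 * hard-coding it (23 of 32 bytes on a typical LP64 build). */
size_t expected_exposure(void)
{
    return sizeof(struct demo_state) - sizeof(uint8_t) - sizeof(uint64_t);
}

int main(void)
{
    printf("struct size %zu, unpatched leaks %zu bytes, patched leaks %zu bytes\n",
           sizeof(struct demo_state), leaked_bytes_unpatched(), leaked_bytes_patched());
    return 0;
}
```

When reviewing ioctl handlers for this class, the check is whether every object handed to copy_to_user() was cleared over its full size before the named fields were assigned. A `= {0}` initializer on an automatic variable is not guaranteed by the C standard to zero padding bytes, which is why a memset over the whole object is the usual kernel idiom.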
Impact:
A privileged local host user can obtain portions of kernel memory.
Solution:
The vendor has issued a fix, available at:
http://git.kernel.org/?p=virt/kvm/kvm.git;a=commit;h=831d9d02f9522e739825a51a11e3bc5aa531a905
Vendor URL: kernel.org/
Cause:
Access control error
Underlying OS:
Linux (Any)
Message History:
This archive entry has one or more follow-up message(s) listed below.
Source Message Contents
Date: Mon, 20 Dec 2010 19:29:09 +0000
Subject: KVM
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

It was found that some structure padding and reserved fields in certain
data structures in QEMU-KVM were not initialized properly before being
copied to user-space. A privileged host user with access to "/dev/kvm"
could use this flaw to leak kernel stack memory to user-space.
(CVE-2010-3881)
http://www.spinics.net/lists/kvm/msg44130.html
http://git.kernel.org/?p=virt/kvm/kvm.git;a=commit;h=831d9d02f9522e739825a51a11e3bc5aa531a905