| Summary: | kernel: KVM: syscall instruction induced guest panic (CVE-2012-0045) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Michael Harrison <n0idx80> |
| Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | minor | CC: | kernel |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=773370 | ||
| Whiteboard: | |||
| Package list: | | Runtime testing required: | --- |
There are no longer any 2.x or <3.2.14 kernels available in the repository, with the exception of sys-kernel/xbox-sources, which is unsupported by security.
32bit guests will crash (and 64bit guests may behave in a wrong way), for example by simply executing the following nasm demo application:

```nasm
[bits 32]
global _start
SECTION .text
_start:
    syscall
```

The reason seems to be a missing "invalid opcode" trap (int6) for the syscall opcode "0f05", which is not available on Intel CPUs outside long mode, and also on some AMD CPUs within legacy mode (depending on CPU vendor, MSR_EFER and cpuid). Because the previously mentioned OSes may not engage the corresponding syscall target registers (STAR, LSTAR, CSTAR), they remain NULL, and (non-trapping) syscalls lead to multiple faults and finally crashes.

Reference:
https://lkml.org/lkml/2011/12/28/170
http://www.spinics.net/lists/kvm/msg66633.html

Proposed patch:
http://www.spinics.net/lists/kvm/msg66633.html
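The following C program is an added illustration for this page, not code from the bug report, the referenced LKML thread or KVM itself. It encodes the rule the report appeals to (whether SYSCALL must raise #UD given the CPUID vendor, EFER.SCE and the current mode) and shows why a non-trapping SYSCALL with all-zero STAR/LSTAR/CSTAR lands the guest on a null code selector at address 0. The function names (`syscall_raises_ud`, `syscall_target`, `cpuid_vendor_string`) and the three-mode enum are the example's own assumptions; the MSR number, the EFER bit positions and the STAR/LSTAR/CSTAR register layout are the architectural definitions. The host CPUID query in `main` only compiles on x86 builds.

```c
/*
 * Illustrative model (written for this page, not KVM's emulator) of when the
 * SYSCALL opcode 0F 05 must raise #UD, combining the three inputs the report
 * names: CPUID vendor, EFER (MSR 0xC0000080) and the current CPU mode.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define MSR_EFER 0xC0000080u        /* Extended Feature Enable Register */
#define EFER_SCE (1ull << 0)        /* SYSCALL/SYSRET enable */
#define EFER_LMA (1ull << 10)       /* long mode active */

enum cpu_mode {
    MODE_LEGACY32,  /* 32-bit protected mode, EFER.LMA = 0 (the crashing guest) */
    MODE_COMPAT32,  /* 32-bit code segment under a 64-bit OS, EFER.LMA = 1 */
    MODE_LONG64     /* 64-bit code segment, EFER.LMA = 1 */
};

/* CPUID leaf 0 returns the vendor string split across ebx, edx, ecx (little-endian). */
static void cpuid_vendor_string(uint32_t ebx, uint32_t ecx, uint32_t edx,
                                char out[13])
{
    memcpy(out + 0, &ebx, 4);
    memcpy(out + 4, &edx, 4);
    memcpy(out + 8, &ecx, 4);
    out[12] = '\0';
}

/*
 * Returns 1 if executing SYSCALL must raise #UD (the "int6" trap the report
 * says is missing), 0 if the CPU actually performs the SYSCALL.
 */
static int syscall_raises_ud(const char *vendor, enum cpu_mode mode,
                             uint64_t efer)
{
    if (!(efer & EFER_SCE))
        return 1;   /* SYSCALL disabled: #UD in every mode */
    if (mode == MODE_LONG64)
        return 0;   /* every vendor implements SYSCALL in 64-bit mode */
    /* Outside 64-bit mode the behaviour is vendor specific. */
    if (strcmp(vendor, "AuthenticAMD") == 0)
        return 0;   /* AMD: legacy and compatibility mode also work */
    return 1;       /* Intel: 64-bit mode only; unknown vendors treated the same */
}

/*
 * Where a SYSCALL that does NOT trap sends the guest: CS comes from STAR[47:32],
 * SS is that selector + 8, and the target IP comes from LSTAR (64-bit mode),
 * CSTAR (compatibility mode) or STAR[31:0] (AMD legacy mode). With the MSRs
 * still NULL this is a null CS and address 0, which is the fault cascade the
 * report describes.
 */
struct syscall_target { uint16_t cs; uint16_t ss; uint64_t rip; };

static struct syscall_target syscall_target(enum cpu_mode mode, uint64_t star,
                                            uint64_t lstar, uint64_t cstar)
{
    struct syscall_target t;
    t.cs = (uint16_t)(star >> 32);
    t.ss = (uint16_t)(t.cs + 8);
    switch (mode) {
    case MODE_LONG64:   t.rip = lstar; break;
    case MODE_COMPAT32: t.rip = cstar; break;
    default:            t.rip = star & 0xffffffffu; break;
    }
    return t;
}

int main(void)
{
    char vendor[13] = "unknown";
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (__get_cpuid(0, &eax, &ebx, &ecx, &edx))
        cpuid_vendor_string(ebx, ecx, edx, vendor);
#endif
    printf("host vendor: %s\n", vendor);
    printf("32-bit legacy guest, EFER.SCE=1: SYSCALL %s\n",
           syscall_raises_ud(vendor, MODE_LEGACY32, EFER_SCE) ? "raises #UD"
                                                              : "executes");
    struct syscall_target t = syscall_target(MODE_LEGACY32, 0, 0, 0);
    printf("untrapped SYSCALL with NULL MSRs jumps to CS=%#x SS=%#x IP=%#llx\n",
           t.cs, t.ss, (unsigned long long)t.rip);
    return 0;
}
```

The model makes the vendor split explicit: a 32-bit guest on an AMD host with EFER.SCE set really does execute SYSCALL, so an emulator that only copies Intel's behaviour would be wrong the other way; the fix has to consult CPUID and EFER rather than the mode alone.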