Vigil@nce - Linux kernel: denial of service via KVM ioapic_service
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker located in a KVM guest can use the KVM I/O APIC of
the Linux kernel to trigger a denial of service.
Impacted products: Linux
Severity: 1/4
Creation date: 08/04/2014
DESCRIPTION OF THE VULNERABILITY
The virt/kvm/ioapic.c file of the Linux kernel implements the I/O
APIC (Advanced Programmable Interrupt Controller) for KVM.
However, the ioapic_service() function does not correctly
initialize a state, which leads to a BUG_ON in ioapic_deliver().
An attacker located in a KVM guest can therefore use the KVM I/O
APIC of the Linux kernel to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-KVM-ioapic-service-14535