Vigil@nce - Linux kernel: denial of service via KVM PIT Emulation
January 2016 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the KVM PIT emulation of the Linux kernel, in
order to trigger a denial of service.
– Impacted products: Debian, Linux.
– Severity: 1/4.
– Creation date: 06/01/2016.
DESCRIPTION OF THE VULNERABILITY
The arch/x86/kvm/x86.c file implements the PIT (Programmable
Interval Timer) management for KVM.
However, if an attacker sets a PIT counter to zero, a modulo by
zero operation generates a fatal error.
An attacker can therefore use the KVM PIT emulation of the Linux
kernel, in order to trigger a denial of service.
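The defect class described above, shown as an added example in C. It is a simplified model, not the kernel's code and not part of the original bulletin. The struct and function names are hypothetical, and the rule that a programmed count of 0 means 65536 ticks is the 8254 timer's behaviour, assumed here and not stated in the bulletin.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one PIT channel; hypothetical names, not kernel code. */
struct pit_channel {
    uint32_t count;      /* reload value as stored in the channel state */
    uint64_t load_ticks; /* tick at which the count was loaded */
};

/* Vulnerable pattern: the stored count is used directly as the divisor.
 * A stored count of 0 makes this a modulo by zero (fatal trap on x86). */
static uint32_t pit_read_unchecked(const struct pit_channel *c, uint64_t now)
{
    uint64_t elapsed = now - c->load_ticks;
    return c->count - (uint32_t)(elapsed % c->count);
}

/* Normalise a 16-bit programmed value: on the 8254 a programmed 0
 * selects the maximum period of 65536 ticks (binary counting). */
static uint32_t pit_normalise_count(uint32_t programmed)
{
    programmed &= 0xffff;
    return programmed ? programmed : 0x10000;
}

/* Hardened pattern: the divisor is normalised at the point of use, so a
 * zero stored by any path can never reach the modulo. */
static uint32_t pit_read_checked(const struct pit_channel *c, uint64_t now)
{
    uint32_t period = pit_normalise_count(c->count);
    uint64_t elapsed = now - c->load_ticks;
    return period - (uint32_t)(elapsed % period);
}

int main(void)
{
    /* Constructed sample state: one sane channel, one with a count of 0. */
    struct pit_channel ok = { .count = 1000, .load_ticks = 100 };
    struct pit_channel zero = { .count = 0, .load_ticks = 100 };

    printf("count=1000 unchecked: %u\n", pit_read_unchecked(&ok, 350));
    printf("count=1000 checked:   %u\n", pit_read_checked(&ok, 350));
    printf("count=0    checked:   %u\n", pit_read_checked(&zero, 350));
    /* pit_read_unchecked(&zero, 350) would divide by zero and abort. */
    return 0;
}
```
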
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-KVM-PIT-Emulation-18644