Vigil@nce - Linux kernel: memory corruption via KVM VCPU
January 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can generate a memory corruption via a large KVM
VCPU for the Linux kernel, in order to trigger a denial of
service, and possibly to execute code.
Impacted products: Fedora, Linux
Severity: 2/4
Creation date: 20/12/2013
DESCRIPTION OF THE VULNERABILITY
The KVM (Kernel Virtual Machine) feature is used for
virtualization.
The Virtual CPU (VCPU) identifier is limited to 255. However,
several functions do not perform this check. Using a large VCPU
identifier, it is thus possible to read or to write in the kernel
memory.
A local attacker can therefore generate a memory corruption via a
large KVM VCPU for the Linux kernel, in order to trigger a denial
of service, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-memory-corruption-via-KVM-VCPU-13977