Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Vigil@nce: Linux kernel, privilege elevation via VMI

October 2008 by Vigil@nce

A local attacker in a virtual machine can create a denial of service or elevate his privileges.

- Gravity: 2/4
- Consequences: privileged access/rights, denial of service of computer
- Provenance: user account
- Means of attack: no proof of concept, no attack
- Ability of attacker: expert (4/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: high (3/3)
- Creation date: 06/10/2008


- Linux kernel


The VMI (Virtual Machine Interface) is used for communication between the guest system and the hypervisor.

The LDT (Local Descriptor Table) contains information about memory segments of the process. The IDT (Interrupt Descriptor Table) is used to manage interruptions.

The vmi_write_ldt_entry() function of the arch/x86/kernel/vmi_32.c file uses write_idt_entry() instead of write_ldt_entry(), which corrupts the IDT.

A local attacker, in a guest system, can thus create a denial of service and eventually execute code.


- Identifiers: BID-31565, CVE-2008-4410, VIGILANCE-VUL-8149
- Url:

See previous articles


See next articles