Vigil@nce: Linux kernel, reading memory via kvm_vcpu_events
January 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use KVM to obtain one byte from the kernel
memory.
– Severity: 1/4
– Creation date: 05/01/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The arch/x86/kvm/x86.c file implements support for KVM
(Kernel-based Virtual Machine).
The kvm_vcpu_ioctl_x86_get_vcpu_events() function does not
initialize a padding byte in the interrupt events structure
(field kvm_vcpu_events.interrupt.pad).
A local attacker can therefore use KVM to obtain one byte from the
kernel memory.
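The uninitialized-padding pattern described above, shown next to the usual fix of zeroing the structure before filling it. This is an added user-space illustration, not code from the bulletin or from the Linux kernel; the structure is a simplified model whose field names other than "pad" are assumptions, and the stale byte is a constructed value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified model of the interrupt part of kvm_vcpu_events. Only "pad"
 * is named in the bulletin; the other field names are assumptions. */
struct interrupt_events {
    uint8_t injected;
    uint8_t nr;
    uint8_t soft;
    uint8_t pad;
};

/* Flawed pattern: each meaningful field is assigned, pad is never written. */
static void fill_leaky(struct interrupt_events *ev, uint8_t nr)
{
    ev->injected = 1;
    ev->nr = nr;
    ev->soft = 0;
}

/* Hardened pattern: zero the whole structure before filling it. */
static void fill_cleared(struct interrupt_events *ev, uint8_t nr)
{
    memset(ev, 0, sizeof(*ev));
    fill_leaky(ev, nr);
}

/* Returns the pad byte as the caller receives it. "stale" is a constructed
 * value standing in for whatever the memory held before it was reused. */
uint8_t pad_seen_by_caller(int hardened, uint8_t stale)
{
    struct interrupt_events ev;
    uint8_t out[sizeof(ev)];
    memset(&ev, stale, sizeof(ev));   /* simulate a reused stack slot */
    if (hardened)
        fill_cleared(&ev, 32);
    else
        fill_leaky(&ev, 32);
    memcpy(out, &ev, sizeof(ev));     /* stands in for the copy to user space */
    return out[offsetof(struct interrupt_events, pad)];
}

int main(void)
{
    printf("leaky pad=0x%02x, cleared pad=0x%02x\n",
           pad_seen_by_caller(0, 0xA5), pad_seen_by_caller(1, 0xA5));
    return 0;
}
```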
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-reading-memory-via-kvm-vcpu-events-10249