** Description changed:

- If the guest writes a noncanonical value to certain MSR registers, KVM
- will write that value to the MSR in the host context and a #GP will be
- raised leading to kernel panic. A privileged guest user can use this
- flaw to crash the host. Enabling CONFIG_PARAVIRT when building the
- kernel mitigates this issue because wrmsrl() ends up invoking safe msr
- write variant.
+ The WRMSR processing functionality in the KVM subsystem in the Linux
+ kernel through 3.17.2 does not properly handle the writing of a non-
+ canonical address to a model-specific register, which allows guest OS
+ users to cause a denial of service (host OS crash) by leveraging guest
+ OS privileges, related to the wrmsr_interception function in
+ arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.
+ A privileged guest user can use this flaw to crash the host. Enabling
+ CONFIG_PARAVIRT when building the kernel mitigates this issue because
+ wrmsrl() ends up invoking safe msr write variant.
  
  Break-Fix: - 854e8bb1aa06c578c2c9145fa6bfe3680ef63b23

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384539

Title:
  CVE-2014-3610
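
The description above turns on one check: whether a guest-supplied value is a canonical address before it reaches an address-holding MSR. The following is an added example, not code from the bug report or from the kernel; it assumes 48-bit virtual addresses, and the set of MSRs it treats as address-holding is an assumption, since the report only says "certain MSR registers". The function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 48-bit virtual addresses (4-level paging). */
#define VADDR_BITS 48

/* Architectural MSR indices. Treating exactly these as the
 * address-holding MSRs is an assumption made for this example. */
#define MSR_LSTAR          0xC0000082u
#define MSR_CSTAR          0xC0000083u
#define MSR_FS_BASE        0xC0000100u
#define MSR_GS_BASE        0xC0000101u
#define MSR_KERNEL_GS_BASE 0xC0000102u

/* Canonical means bits 63..47 are all equal (all 0 or all 1). */
static bool is_canonical(uint64_t addr)
{
    uint64_t upper = addr >> (VADDR_BITS - 1);           /* bits 63..47 */
    uint64_t all_ones = (1ULL << (64 - VADDR_BITS + 1)) - 1;
    return upper == 0 || upper == all_ones;
}

static bool msr_holds_address(uint32_t msr)
{
    switch (msr) {
    case MSR_LSTAR: case MSR_CSTAR: case MSR_FS_BASE:
    case MSR_GS_BASE: case MSR_KERNEL_GS_BASE:
        return true;
    default:
        return false;
    }
}

/* Hypothetical hook: returns 0 if the guest's write may be forwarded to
 * hardware, -1 if it must be refused (fault delivered to the guest)
 * so the host never executes the faulting WRMSR itself. */
static int validate_guest_wrmsr(uint32_t msr, uint64_t value)
{
    if (msr_holds_address(msr) && !is_canonical(value))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample values. */
    printf("%d\n", validate_guest_wrmsr(MSR_LSTAR, 0xffffffff81000000ULL));
    printf("%d\n", validate_guest_wrmsr(MSR_LSTAR, 0x0000800000000000ULL));
    return 0;
}
```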