
kernel: syscall instruction induces guest panic

Package(s): kernel    CVE #(s): CVE-2012-0045
Created: January 16, 2012    Updated: January 18, 2012
Description: From the Red Hat bugzilla:

32-bit guests will crash (and 64-bit guests may behave in a wrong way), for example by simply executing the following nasm demo application:

    [bits 32]            ; 32-bit protected-mode code
    global _start
    SECTION .text
    _start: syscall      ; opcode 0f 05; should raise #UD outside long mode on Intel

The reason seems to be a missing "invalid opcode" trap (int 6) for the syscall opcode "0f05", which is not available on Intel CPUs in non-long modes, as well as on some AMD CPUs in legacy mode (depending on CPU vendor, MSR_EFER and cpuid).

Because the previously mentioned OSs may not engage the corresponding syscall target registers (STAR, LSTAR, CSTAR), they remain NULL and (non-trapping) syscalls lead to multiple faults and finally crashes.

Alerts:
Fedora FEDORA-2012-0480 2012-01-14
Fedora FEDORA-2012-0492 2012-01-14
Red Hat RHSA-2012:0350-01 2012-03-06
CentOS CESA-2012:0350 2012-03-07
Scientific Linux SL-kern-20120308 2012-03-08
Oracle ELSA-2012-2003 2012-03-12
Oracle ELSA-2012-0350 2012-03-12
Ubuntu USN-1407-1 2012-03-27
Ubuntu USN-1406-1 2012-03-27
Ubuntu USN-1405-1 2012-03-27
Debian DSA-2443-1 2012-03-26
Ubuntu USN-1421-1 2012-04-12
Ubuntu USN-1422-1 2012-04-12
Ubuntu USN-1425-1 2012-04-24
Ubuntu USN-1426-1 2012-04-24
Ubuntu USN-1431-1 2012-04-30
Ubuntu USN-1433-1 2012-04-30
Ubuntu USN-1440-1 2012-05-08
SUSE SUSE-SU-2012:0616-1 2012-05-14
Oracle ELSA-2012-0862 2012-07-02


Copyright © 2013, Eklektix, Inc.