** Description changed: - Description needed + Linux 2.6.32 - 3.18 that runs KVM may enable a malicious guest process + to crash the guest OS or launch a privilege escalation attack on the + guest. The attack can be launched by tricking the hypervisor to emulate + a SYSENTER instruction in 16-bit mode, if the guest OS does not + initialize the SYSENTER MSRs. KVM does not check under these conditions + that the selector IA32_SYSENTER_CS is not zero, and does not generate a + #GP exception as real hardware does. Instead, it sets the guest + instruction pointer to zero and changes the code privilege level (CPL) + to zero (privileged). Note that the attack can only be issued under very + certain conditions (see the details below). Windows and distro Linux + guest OSes should be safe. The bug existed since the introduction of + SYSENTER emulation (em_sysenter function on recent Linux releases), in + commit 8c60435261deaefeb53ce3222d04d7d5bea81296 , which is present in + Linux 2.6.32 - 3.18. Break-Fix: - f3747379accba8e95d70cec0eae0582c8c182050
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1414651 Title: CVE-2015-0239 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1414651/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
