First published: Wed Apr 10 2013(Updated: )
A check for valid userspace memory was found missing in kvm_set_memory_region() function. Because of that, memory regions pointing to kernel memory could be registered with KVM and later used when converting guest physical addresses to host virtual ones. Several call sites relied on the validation and were using read/write functions that were missing the access_ok() check when accessing userspace memory. A local unprivileged user on Red Hat Enterprise Linux 6 system could use this flaw to escalate their privileges on the system. On Red Hat Enterprise Linux 6.2 EUS and Red Hat Enterprise Linux 6.3 EUS the impact is limited to potential information leak only. A local user on Red Hat Enterprise Linux 5 system able to write to /dev/kvm could possibly use this flaw to leak kernel memory. Upstream fixes: <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa3d315a4ce2c0891cdde262562e710d95fba19e">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa3d315a4ce2c0891cdde262562e710d95fba19e</a> <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3bb6b6f6a0c535eb053fbf0005a8e79e053374">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3bb6b6f6a0c535eb053fbf0005a8e79e053374</a> Acknowledgements: This issue was discovered by Michael S. Tsirkin of Red Hat.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <3.0 | |
Redhat Enterprise Linux | =5.0 | |
Redhat Enterprise Linux Eus | =6.2 | |
Redhat Enterprise Linux Eus | =6.3 | |
Canonical Ubuntu Linux | =10.04 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.