First published: Wed Dec 10 2014(Updated: )
It was found that espfix funcionality (when returning to userspace with a 16 bit stack, the CPU will not restore the high word of esp for us on executing iret and thus potentially leaks kernel addresses; espfix fixes this) does not work for 32-bit KVM paravirt guests. A local unprivileged user could potentially use this flaw to leak kernel stack addresses. Proposed upstream patch: <a href="http://www.spinics.net/lists/kvm/msg111458.html">http://www.spinics.net/lists/kvm/msg111458.html</a> Acknowledgements: Red Hat would like to thank Andy Lutomirski for reporting this issue.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <=3.18 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Opensuse Evergreen | =11.4 | |
openSUSE openSUSE | =13.1 | |
SUSE SUSE Linux Enterprise Server | =11-sp2 | |
Oracle Linux | =6 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.