What is the severity of REDHAT-BUG-1062368?

The severity of REDHAT-BUG-1062368 is categorized as moderate, affecting the stability of Red Hat KVM virtual machines.

How do I fix REDHAT-BUG-1062368?

To fix REDHAT-BUG-1062368, apply the relevant patches provided by Red Hat for the KVM package.

Which versions of Red Hat KVM are affected by REDHAT-BUG-1062368?

REDHAT-BUG-1062368 affects multiple versions of Red Hat KVM that utilize the emulated push instruction.

What symptoms may indicate the presence of REDHAT-BUG-1062368?

Symptoms of REDHAT-BUG-1062368 may include crashes or unexpected behavior in virtualized guest systems.

Is there an official acknowledgment for REDHAT-BUG-1062368?

Yes, REDHAT-BUG-1062368 has been officially acknowledged and documented by Red Hat.

Vulnerability/
REDHAT-BUG-1062368

high

6/2/2014

12/5/2023

REDHAT-BUG-1062368

First published: Thu Feb 06 2014(Updated: )

The problem occurs when the guest performs a pusha with the stack address pointing to an mmio address (or an invalid guest physical address) to start with, but then extending into an ordinary guest physical address. When doing repeated emulated pushes emulator_read_write sets mmio_needed to 1 on the first one. On a later push when the stack points to regular memory, mmio_nr_fragments is set to 0, but mmio_is_needed is not set to 0. As a result, KVM exits to userspace, and then returns to complete_emulated_mmio. In complete_emulated_mmio vcpu->mmio_cur_fragment is incremented. The termination condition of vcpu->mmio_cur_fragment == vcpu->mmio_nr_fragments is never achieved. The code bounces back and fourth to userspace incrementing mmio_cur_fragment past it's buffer. If the guest does nothing else it eventually leads to a a crash on a memcpy from invalid memory address. However if a guest code can cause the vm to be destoryed in another vcpu with excellent timing, then kvm_clear_async_pf_completion_queue can be used by the guest to control the data that's pointed to by the call to cancel_work_item, which can be used to gain execution. Introduced by: <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f78146b0f">http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f78146b0f</a> Acknowledgements: Red Hat would like to thank Lars Bull of Google for reporting this issue.

Affected Software	Affected Version	How to fix
Red Hat QEMU-KVM

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-1062368?
The severity of REDHAT-BUG-1062368 is categorized as moderate, affecting the stability of Red Hat KVM virtual machines.
How do I fix REDHAT-BUG-1062368?
To fix REDHAT-BUG-1062368, apply the relevant patches provided by Red Hat for the KVM package.
Which versions of Red Hat KVM are affected by REDHAT-BUG-1062368?
REDHAT-BUG-1062368 affects multiple versions of Red Hat KVM that utilize the emulated push instruction.
What symptoms may indicate the presence of REDHAT-BUG-1062368?
Symptoms of REDHAT-BUG-1062368 may include crashes or unexpected behavior in virtualized guest systems.
Is there an official acknowledgment for REDHAT-BUG-1062368?
Yes, REDHAT-BUG-1062368 has been officially acknowledged and documented by Red Hat.

agent/type
agent/references
agent/first-publish-date
agent/last-modified-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2014-0049
agent/source
agent/description
agent/severity
agent/event
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/red hat
canonical/red hat qemu-kvm