[CVE-2012-4461] kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set

Luis Henriques luis.henriques at canonical.com
Thu Dec 13 14:32:13 UTC 2012


On hosts without XSAVE support, an unprivileged local user can trigger
an oops by setting the X86_CR4_OSXSAVE bit in the guest cr4 register
using the KVM_SET_SREGS ioctl and later issuing the KVM_RUN ioctl.

Following this email, there's a patch that fixes this issue for Precise
and Quantal.  This patch is a clean cherry-pick from
6d1068b3a98519247d8ba4ec85cd40ac136dbdf9.

There's also another patch that fixes this for Oneiric, a backport of
the same SHA1.

Cheers,
--
Luis



