Bug 639879 (CVE-2010-3698) - CVE-2010-3698 kvm: invalid selector in fs/gs causes kernel panic
Summary: CVE-2010-3698 kvm: invalid selector in fs/gs causes kernel panic
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2010-3698
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Zhang Kexin
URL:
Whiteboard:
Depends On: 639884 639885 639886 639887
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-10-04 09:31 UTC by Petr Matousek
Modified: 2019-09-29 12:39 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-29 13:00:21 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0842 0 normal SHIPPED_LIVE Important: kernel security and bug fix update 2010-11-22 19:34:20 UTC
Red Hat Product Errata RHSA-2010:0898 0 normal SHIPPED_LIVE Moderate: kvm security update 2010-12-06 19:09:29 UTC

Description Petr Matousek 2010-10-04 09:31:43 UTC 
Invoking ioctl(KVM_RUN) while having invalid selector in fs and/or gs register (via LDT modifications) forces kernel to panic (DoS).
Comment 7 Chuck Ebbert 2010-10-21 00:42:55 UTC 
Fixed in 2.6.36:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9581d442b9058d3699b4be568b6e5eae38a41493
Comment 8 errata-xmlrpc 2010-11-10 19:09:44 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0842 https://rhn.redhat.com/errata/RHSA-2010-0842.html
Comment 9 errata-xmlrpc 2010-11-22 19:35:39 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0842 https://rhn.redhat.com/errata/RHSA-2010-0842.html
Comment 10 errata-xmlrpc 2010-12-06 19:09:38 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0898 https://rhn.redhat.com/errata/RHSA-2010-0898.html
Note You need to log in before you can comment on or make changes to this bug.