This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, inside a guest system, can force the usage of a freed memory area in the KVM subsystem of the Linux kernel, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: Debian, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 13/01/2017.
DESCRIPTION OF THE VULNERABILITY
The Linux kernel product offers a heavyweight virtualization layer Kernel Virtual Machine.
On x86 hosts, machine instructions which access to floating point registers and memory protection registers are emulated. However, the function complete_emulated_mmio() frees a memory area before reusing it.
An attacker, inside a guest system, can therefore force the usage of a freed memory area in the KVM subsystem of the Linux kernel, in order to trigger a denial of service, and possibly to run code on the host system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/...