virtualbox guest crash on AMD when calling taskgate with wrong CPL
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
virtualbox (Ubuntu) | Fix Released | Undecided | Unassigned |
Lucid | Invalid | Undecided | Unassigned |
Oneiric | Fix Released | Undecided | Unassigned |
Precise | Fix Released | Undecided | Unassigned |
Quantal | Fix Released | Undecided | Unassigned |
Raring | Fix Released | Undecided | Unassigned |
virtualbox-ose (Ubuntu) | Invalid | Undecided | Unassigned |
Lucid | Fix Released | Undecided | Unassigned |
Oneiric | Invalid | Undecided | Unassigned |
Precise | Invalid | Undecided | Unassigned |
Quantal | Invalid | Undecided | Unassigned |
Raring | Invalid | Undecided | Unassigned |

Bug Description
Ubuntu precise i386 guest kernel (3.2.0-29-generic) can be crashed by invocation of software interrupt 0x8 from userspace. Crash verified only when guest is running inside virtualbox, e.g. 4.1.12-
The cause of the crash is that the ring-0 code recompiler does not check the current privilege level (CPL) when calling a task gate on a processor without VT-x / AMD-V support. The bug is fixed upstream in 4.2.0-RC3, see https:/
Outcome on Linux: userspace DoS
Outcome on other platforms: Not clear. When they use task gates, this might perhaps lead to local privilege escalation due to invalid processor simulation.
See also http://
# lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04
ii virtualbox 4.1.12-
While not sure about the cause of the crash, another bug was filed against the kernel (https:/
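The privilege check the description says was skipped, modelled as an added example (not VirtualBox code and not part of the original report): on x86 in protected mode, a software `INT n` through any IDT gate, task gates included, must raise #GP when the gate's DPL is below the CPL. The descriptor value and its TSS selector are constructed sample data, and `check_gate` is a hypothetical helper name.

```c
#include <stdint.h>
#include <stdio.h>

enum outcome { DELIVER = 0, FAULT_NP = 11, FAULT_GP = 13 };
struct result { enum outcome out; uint16_t error_code; };

/* Fields of an 8-byte protected-mode IDT gate; access byte is bits 40..47. */
static unsigned gate_type(uint64_t d)    { return (d >> 40) & 0x1F; } /* S bit + type */
static unsigned gate_dpl(uint64_t d)     { return (d >> 45) & 0x3; }
static unsigned gate_present(uint64_t d) { return (d >> 47) & 0x1; }

/* Valid IDT gate types: task (5), 16-bit int/trap (6, 7), 32-bit int/trap (14, 15). */
static int gate_type_valid(unsigned t)
{
    return t == 0x05 || t == 0x06 || t == 0x07 || t == 0x0E || t == 0x0F;
}

/*
 * Decide whether vector `vec` may be delivered through gate `d`.
 * software = 1 for INT n (gate DPL is compared with CPL),
 * software = 0 for hardware interrupts and CPU exceptions (DPL ignored).
 */
struct result check_gate(uint64_t d, uint8_t vec, unsigned cpl, int software)
{
    /* Error code: vector * 8, IDT bit (2) set, EXT bit (1) only for non-software events. */
    uint16_t ec = (uint16_t)(vec * 8u + 2u + (software ? 0u : 1u));

    if (!gate_type_valid(gate_type(d)))
        return (struct result){ FAULT_GP, ec };
    if (software && gate_dpl(d) < cpl)   /* the CPL check missing for task gates */
        return (struct result){ FAULT_GP, ec };
    if (!gate_present(d))
        return (struct result){ FAULT_NP, ec };
    return (struct result){ DELIVER, 0 };
}

/* Constructed sample: present task gate, DPL 0, TSS selector 0x00F8 (made up). */
static const uint64_t SAMPLE_TASK_GATE = 0x0000850000F80000ULL;

int main(void)
{
    struct result r = check_gate(SAMPLE_TASK_GATE, 8, 3, 1);
    printf("INT 8 from CPL 3: outcome=%d error_code=0x%x\n", r.out, r.error_code);
    r = check_gate(SAMPLE_TASK_GATE, 8, 0, 0);
    printf("CPU-raised #DF:   outcome=%d error_code=0x%x\n", r.out, r.error_code);
    return 0;
}
```

An emulator that applies this check hands the guest kernel an ordinary #GP for the userspace `INT 8` instead of performing the task switch.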
information type: | Private Security → Public Security |
Response from upstream: http://sourceforge.net/mailarchive/message.php?msg_id=29740660