TTCSIRT-151.080218: TT-CSIRT Advisory – Linux Security Updates

TTCSIRT-151.080218: TT-CSIRT Advisory – Linux Security Updates

Kernel.org has released a security update stating that a vulnerability in the Kernel-based Virtual Machine (KVM) virtualization subsystem of the Linux Kernel exists due to the vmx.c source code file failing to set the GDT.LIMIT value to the previous host. As a result, malicious entries could be placed in the Global Descriptor Table (GDT) on an affected system.

An attacker could exploit this vulnerability by submitting a request with malicious input to the targeted system thereby gaining elevated privileges.

Further information on this vulnerability and how it can be mitigated can be found on the Kernel.org Website at https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36