From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: SYSRET 64-Bit Breakout
Date: Wed, 13 Jun 2012 16:59:56 +0200
Message-ID: <4FD8AAEC.4070902@redhat.com>
References: <CBFE4597.68DC%robert.clark@hp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>
To: "Clark, Robert Graham" <robert.clark@hp.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mail-pz0-f46.google.com ([209.85.210.46]:60130 "EHLO
	mail-pz0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752327Ab2FMPAC (ORCPT <rfc822;kvm@vger.kernel.org>);
	Wed, 13 Jun 2012 11:00:02 -0400
Received: by dady13 with SMTP id y13so1164699dad.19
        for <kvm@vger.kernel.org>; Wed, 13 Jun 2012 08:00:02 -0700 (PDT)
In-Reply-To: <CBFE4597.68DC%robert.clark@hp.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Il 13/06/2012 14:26, Clark, Robert Graham ha scritto:
> All,
> 
> I've been looking at http://www.kb.cert.org/vuls/id/649219
> 
> Xen appears to be vulnerable as do a number of other products. KVM
> isn't listed. Some discussion on IRC indicates that KVM isn't likely to
> be vulnerable.
> 
> Can anyone confirm please?

Xen is only vulnerable with paravirtualized guests.  KVM only support
hardware-assisted virtualization.

The Linux kernel that is used by KVM used to have similar
vulnerabilities, but they were fixed a long time ago (CVE-2005-1764,
CVE-2006-0744).

Paolo