ASA-2019-00160 – OpenBSD: GDT and IDT limits were improperly restored during VMM context switches


Allele Security Alert

Identifier(s)

ASA-2019-00160

Title

GDT and IDT limits were improperly restored during VMM context switches

Vendor(s)

The OpenBSD Project

Product(s)

OpenBSD

Affected version(s)

OpenBSD 6.4 before errata 016
OpenBSD 6.3 before errata 032

Fixed version(s)

OpenBSD 6.4 errata 016
OpenBSD 6.3 errata 032

Proof of concept

Unknown

Description

GDT and IDT limits were improperly restored during VMM context switches.

Technical details

Unknown

Credits

Maxime Villard (NetBSD)

Reference(s)

OpenBSD 6.4 Errata
https://www.openbsd.org/errata64.html

OpenBSD 6.3 Errata
https://www.openbsd.org/errata63.html

016_vmmints.patch.sig
https://ftp.openbsd.org/pub/OpenBSD/patches/6.4/common/016_vmmints.patch.sig

032_vmmints.patch.sig
https://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/032_vmmints.patch.sig

vmm(4): On VMX, use sgdt/sidt to reset the GDT/IDT limits after exiting
https://github.com/openbsd/src/commit/5845e8e5e66cca51f6bca3dece4e7edb77b067fd#diff-7c576d5acc552c677e9172711c27cabb

Last modified: March 28, 2019