Opened 16 years ago
Closed 16 years ago
#2301 closed defect (fixed)
DF variable out of sync with RFLAGS after the SYSCALL instruction
| Reported by: | Jakub Jermar | Owned by: | |
|---|---|---|---|
| Component: | other | Version: | VirtualBox 2.0.2 |
| Keywords: | rflags, syscall | Cc: | |
| Guest type: | other | Host type: | other |
Description
Masking off the DF flag from the RFLAGS register during the SYSCALL instruction by specifying the DF bit in the SFMASK register doesn't work because the DF variable doesn't get updated. This bug allows a malicious userspace code to damage kernel memory on systems which rely on proper functionality of the SYSCALL instruction and the SFMASK register. Note that the same bug existed in qemu and was fixed in revision 4120:
http://svn.savannah.gnu.org/viewvc?view=rev&root=qemu&revision=4120
Note:
See TracTickets
for help on using tickets.
Fixed. Note that it was quite unlikely to hit this bug in the first place in VirtualBox. Syscall would only in very rare cases be executed in the recompiler.
Thanks for reporting it.