List:       oss-security
Subject:    [oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)
From:       Jann Horn <jannhorn () googlemail ! com>
Date:       2019-02-18 15:53:06
Message-ID: CAG48ez2exshg9QipMkiuHK7rgiaJCO4KO8XMa_C-DiddfmK78A () mail ! gmail ! com

Three vulnerabilities were recently fixed in KVM-related code; two
found by Felix Wilhelm, one by me:

CVE-2019-7222
https://bugs.chromium.org/p/project-zero/issues/detail?id=1759
KVM: uninitialized memory leak in kvm_inject_page_fault
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a
 guest-reachable, requires nested virtualization support

CVE-2019-7221
https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
KVM: use-after-free using emulated vmx preemption timer
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
 guest-reachable, requires nested virtualization support

CVE-2019-6974
https://bugs.chromium.org/p/project-zero/issues/detail?id=1765
Linux: kvm_ioctl_create_device() installs fd before taking reference
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
 reachable only by host userspace with access to /dev/kvm

These are all fixed in the following stable releases:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
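
Added example, not part of the original message: a shell check that compares a kernel release string against the four fixed stable releases listed above and reports the two preconditions the advisory names (nested virtualization, access to /dev/kvm). The function names are made up for this example; branches the advisory does not list are reported as unknown, and vendor kernels may carry the fixes under an older version string.

```shell
#!/bin/sh
# Added example, not part of the original message.
# Fixed stable releases are taken from the ChangeLog links in the advisory.

# Print "fixed", "predates-fix" or "unknown" for a kernel release string.
kvm_fix_status() {
    ver=${1%%[-+]*}                      # drop suffixes like "-amd64" or "+"
    case $ver in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    case "$major.$minor" in
        4.20) min=8 ;;
        4.19) min=21 ;;
        4.14) min=99 ;;
        4.9)  min=156 ;;
        *)    echo unknown; return 0 ;;  # branch not listed in the advisory
    esac
    if [ "$patch" -ge "$min" ]; then echo fixed; else echo predates-fix; fi
}

# Exit 0 if a KVM vendor module under $1 (default /sys/module) has nested
# virtualization enabled. The parameter reads Y/N or 1/0 depending on module.
nested_enabled() {
    root=${1:-/sys/module}
    for f in "$root/kvm_intel/parameters/nested" "$root/kvm_amd/parameters/nested"; do
        [ -r "$f" ] || continue
        case $(cat "$f") in Y|y|1) return 0 ;; esac
    done
    return 1
}

# Report for the running host.
rel=$(uname -r)
echo "kernel $rel: $(kvm_fix_status "$rel")"
if nested_enabled; then
    echo "nested virtualization: enabled (precondition for CVE-2019-7221 and CVE-2019-7222)"
else
    echo "nested virtualization: not enabled or KVM vendor module not loaded"
fi
if [ -r /dev/kvm ] && [ -w /dev/kvm ]; then
    echo "/dev/kvm: accessible to $(id -un) (precondition for CVE-2019-6974)"
else
    echo "/dev/kvm: not accessible to $(id -un)"
fi
```

A "predates-fix" result on a distribution kernel calls for checking the vendor's changelog for the three fix commits rather than relying on the version string alone.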

