List: oss-security
Subject: [oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)
From: Jann Horn <jannhorn () googlemail ! com>
Date: 2019-02-18 15:53:06
Message-ID: CAG48ez2exshg9QipMkiuHK7rgiaJCO4KO8XMa_C-DiddfmK78A () mail ! gmail ! com

Three vulnerabilities were recently fixed in KVM-related code; two
found by Felix Wilhelm, one by me:

CVE-2019-7222
https://bugs.chromium.org/p/project-zero/issues/detail?id=1759
KVM: uninitialized memory leak in kvm_inject_page_fault
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a
guest-reachable, requires nested virtualization support

CVE-2019-7221
https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
KVM: use-after-free using emulated vmx preemption timer
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
guest-reachable, requires nested virtualization support

CVE-2019-6974
https://bugs.chromium.org/p/project-zero/issues/detail?id=1765
Linux: kvm_ioctl_create_device() installs fd before taking reference
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
reachable only by host userspace with access to /dev/kvm

These are all fixed in the following stable releases:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156