[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead t
From:       P J P <ppandit () redhat ! com>
Date:       2020-05-19 11:46:57
Message-ID: nycvar.YSQ.7.77.849.2005191700340.62159 () xnncv
[Download RAW message or body]

   Hello,

A flaw was found in the Linux kernel, where it allows userspace processes, for 
example, a guest VM, to directly access h/w devices via its VFIO driver 
modules. The VFIO modules allow users to enable or disable access to the 
devices' MMIO memory address spaces. If a user attempts to access (read/write) 
the devices' MMIO address space when it is disabled, some h/w devices issue an 
interrupt to the CPU to indicate a fatal error condition, crashing the system. 
This flaw allows a guest user or process to crash the host system resulting in 
a denial of service.

Upstream patch:
---------------
   -> https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/
   -> https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/

'CVE-2020-12888' requested via https://cveform.mitre.org/

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

[prev in list] [next in list] [prev in thread] [next in thread]