[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead t
From: P J P <ppandit () redhat ! com>
Date: 2020-05-19 11:46:57
Message-ID: nycvar.YSQ.7.77.849.2005191700340.62159 () xnncv
[Download RAW message or body]
Hello,
A flaw was found in the Linux kernel, where it allows userspace processes, for
example, a guest VM, to directly access h/w devices via its VFIO driver
modules. The VFIO modules allow users to enable or disable access to the
devices' MMIO memory address spaces. If a user attempts to access (read/write)
the devices' MMIO address space when it is disabled, some h/w devices issue an
interrupt to the CPU to indicate a fatal error condition, crashing the system.
This flaw allows a guest user or process to crash the host system resulting in
a denial of service.
Upstream patch:
---------------
-> https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/
-> https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/
'CVE-2020-12888' requested via https://cveform.mitre.org/
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic