Message ID | 1547074093-6066-1-git-send-email-tyhicks@canonical.com |
---|---|
Series | CVE-2018-16882 - Nested KVM DoS |
On 1/9/19 11:48 PM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16882.html
>
> A use after free issue was found in the way Linux kernel's KVM hypervisor
> processed posted interrupts, when nested(=1) virtualization is enabled. In
> nested_get_vmcs12_pages(), in case of an error while processing posted
> interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc'
> descriptor address. Which is later used in pi_test_and_clear_on(). A guest
> user/process could use this flaw to crash the host kernel resulting in DoS.
>
> This is a clean cherry pick to Bionic and Cosmic. Disco already has the patch
> applied. I've smoke tested this patch by booting nested KVM instances using,
> both, the Bionic and Cosmic kernels.
>
> Tyler
>

Applied to bionic/master-next and cosmic/master-next branches.

Thanks,
Kleber
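
The stale-descriptor pattern described in the quoted advisory, as an added user-space C model that is not taken from this thread or from the kernel patch. The struct layout, the function names and the return codes are hypothetical; the "mapped" flag stands in for the page mapping so the model never touches freed memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model; every name here is hypothetical, not kernel code. */
struct page { bool mapped; unsigned char data[64]; };
struct nested { struct page *pi_desc_page; unsigned char *pi_desc; };

static void unmap_page(struct page *p) { p->mapped = false; }

/* Map the descriptor page; on a bad address, undo the mapping.
 * reset_desc=false models the flaw: pi_desc keeps pointing into the page. */
static int get_pages(struct nested *n, struct page *p, bool addr_ok, bool reset_desc)
{
    p->mapped = true;
    n->pi_desc_page = p;
    n->pi_desc = p->data;
    if (!addr_ok) {
        unmap_page(n->pi_desc_page);
        n->pi_desc_page = NULL;
        if (reset_desc)
            n->pi_desc = NULL;  /* the reset the advisory says was missing */
        return -1;
    }
    return 0;
}

/* Invariant a later consumer relies on: non-NULL pi_desc implies a mapped page. */
static bool desc_is_stale(const struct nested *n)
{
    return n->pi_desc != NULL &&
           (n->pi_desc_page == NULL || !n->pi_desc_page->mapped);
}

/* Consumer: 0 = descriptor used, 1 = skipped (none), -1 = would touch stale memory. */
static int consume_desc(struct nested *n)
{
    if (n->pi_desc == NULL) return 1;
    if (desc_is_stale(n)) return -1;
    n->pi_desc[0] &= (unsigned char)~1u;  /* stand-in for clearing the ON bit */
    return 0;
}

int main(void)
{
    struct page pg = {0}; struct nested a = {0}, b = {0};
    get_pages(&a, &pg, false, false);
    printf("without reset: %d\n", consume_desc(&a));
    get_pages(&b, &pg, false, true);
    printf("with reset:    %d\n", consume_desc(&b));
    return 0;
}
```

In the model, the error path without the reset leaves `pi_desc` non-NULL after the page is gone, so a consumer that only checks the pointer for NULL has nothing to stop it; with the reset, the same check is sufficient.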