[PATCH 0/1][SRU][X] CVE-2019-3882 - VFIO IOMMU DoS
Tyler Hicks
tyhicks at canonical.com
Thu Apr 18 07:28:10 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3882
A flaw was found in the Linux kernel's vfio interface implementation that
permits violation of the user's locked memory limit. If a device is bound to a
vfio driver, such as vfio-pci, and the local attacker is administratively
granted ownership of the device, it may cause a system memory exhaustion and
thus a denial of service (DoS).
Minor backporting effort. Build logs are clean. I didn't have a good way to
test this change but was able to smoke test it by loading the vfio_iommu_type1
module with and without a dma_entry_limit module parameter specified.
Tyler
Alex Williamson (1):
vfio/type1: Limit DMA mappings per container
drivers/vfio/vfio_iommu_type1.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--
2.7.4
More information about the kernel-team
mailing list