[PATCH 0/2][SRU][D] CVE-2019-3887 - Nested KVM host kernel DoS
Tyler Hicks
tyhicks at canonical.com
Thu Apr 18 07:33:32 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3887

 A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific
 Register (MSR) access with nested(=1) virtualization enabled. In that, L1
 guest could access L0's APIC register values via L2 guest, when 'virtualize
 x2APIC mode' is enabled. A guest could use this flaw to potentially crash the
 host kernel resulting in DoS issue.

Clean cherry picks. Build logs are clean. Smoke tested by booting an L2 nested
guest.

Tyler

Marc Orr (2):
  KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
  KVM: x86: nVMX: fix x2APIC VTPR read intercept

 arch/x86/kvm/vmx/nested.c | 74 ++++++++++++++++++++++++++++-------------------
 1 file changed, 45 insertions(+), 29 deletions(-)

--
2.7.4