ACK: [PATCH 0/2][SRU][C] CVE-2019-3887 - Nested KVM host kernel DoS
Stefan Bader
stefan.bader at canonical.com
Thu Apr 18 09:22:40 UTC 2019
On 18.04.19 09:35, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3887
>
> A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific
> Rregister(MSR) access with nested(=1) virtualization enabled. In that, L1
> guest could access L0's APIC register values via L2 guest, when 'virtualize
> x2APIC mode' is enabled. A guest could use this flaw to potentially crash the
> host kernel resulting in DoS issue.
>
> Trivial backports. Build logs are clean. Smoke tested by booting an L2 nested
> guest.
>
> Tyler
>
> Marc Orr (2):
> KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
> KVM: x86: nVMX: fix x2APIC VTPR read intercept
>
> arch/x86/kvm/vmx.c | 74 +++++++++++++++++++++++++++++++++---------------------
> 1 file changed, 45 insertions(+), 29 deletions(-)
>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20190418/3248e62c/attachment.sig>
More information about the kernel-team
mailing list