APPLIED: [PATCH 0/2][SRU][C] CVE-2019-3887 - Nested KVM host kernel DoS
Khaled Elmously
khalid.elmously at canonical.com
Tue Apr 23 06:32:41 UTC 2019
On 2019-04-18 07:35:47 , Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3887
>
> A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific
> Rregister(MSR) access with nested(=1) virtualization enabled. In that, L1
> guest could access L0's APIC register values via L2 guest, when 'virtualize
> x2APIC mode' is enabled. A guest could use this flaw to potentially crash the
> host kernel resulting in DoS issue.
>
> Trivial backports. Build logs are clean. Smoke tested by booting an L2 nested
> guest.
>
> Tyler
>
> Marc Orr (2):
> KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
> KVM: x86: nVMX: fix x2APIC VTPR read intercept
>
> arch/x86/kvm/vmx.c | 74 +++++++++++++++++++++++++++++++++---------------------
> 1 file changed, 45 insertions(+), 29 deletions(-)
>
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list