APPLIED(B,C): [PATCH 0/1][SRU][D/C/B] CVE-2019-3882 - VFIO IOMMU DoS
Khaled Elmously
khalid.elmously at canonical.com
Tue Apr 23 06:35:36 UTC 2019
On 2019-04-18 07:25:57 , Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3882
>
> A flaw was found in the Linux kernel's vfio interface implementation that
> permits violation of the user's locked memory limit. If a device is bound to a
> vfio driver, such as vfio-pci, and the local attacker is administratively
> granted ownership of the device, it may cause a system memory exhaustion and
> thus a denial of service (DoS).
>
> Clean cherry-pick. Build logs are clean. I didn't have a good way to test this
> change but was able to smoke test it by loading the vfio_iommu_type1 module
> with and without a dma_entry_limit module parameter specified.
>
> Tyler
>
> Alex Williamson (1):
> vfio/type1: Limit DMA mappings per container
>
> drivers/vfio/vfio_iommu_type1.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list