APPLIED[D]: [PATCH 0/1][SRU][D/C/B] CVE-2019-3882 - VFIO IOMMU DoS

Kleber Souza kleber.souza at
Tue Apr 23 15:24:23 UTC 2019

On 4/18/19 9:25 AM, Tyler Hicks wrote:
>  A flaw was found in the Linux kernel's vfio interface implementation that
>  permits violation of the user's locked memory limit. If a device is bound to a
>  vfio driver, such as vfio-pci, and the local attacker is administratively
>  granted ownership of the device, it may cause a system memory exhaustion and
>  thus a denial of service (DoS).
> Clean cherry-pick. Build logs are clean. I didn't have a good way to test this
> change but was able to smoke test it by loading the vfio_iommu_type1 module
> with and without a dma_entry_limit module parameter specified.
> Tyler
> Alex Williamson (1):
>   vfio/type1: Limit DMA mappings per container
>  drivers/vfio/vfio_iommu_type1.c | 14 ++++++++++++++
>  1 file changed, 14 insertions(+)

Applied to disco/master-next branch.


More information about the kernel-team mailing list