[PATCH 0/1][SRU][C] CVE-2018-16880 - vhost_net out-of-bounds write
Tyler Hicks
tyhicks at canonical.com
Mon Feb 4 20:22:31 UTC 2019

https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16880.html

A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net]
driver. A malicious virtual guest, under specific conditions, can trigger an
out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a
kernel memory corruption and a system panic. Due to the nature of the flaw,
privilege escalation cannot be fully ruled out. Versions from v4.16 and newer
are vulnerable.

This is essentially a clean cherry pick to Cosmic. A macro name is different in
Cosmic than it is in current upstream so that had to be adjusted. I've smoke
tested this patch by boot testing in a VM and starting a nested KVM instance.

Tyler