[PATCH 0/1][SRU][B/C] CVE-2018-16882 - Nested KVM DoS
Tyler Hicks
tyhicks at canonical.com
Wed Jan 9 22:48:12 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16882.html
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor
processed posted interrupts when nested virtualization (nested=1) is enabled. In
nested_get_vmcs12_pages(), in case of an error while processing the posted
interrupt address, it unmaps the 'pi_desc_page' without resetting the 'pi_desc'
descriptor address, which is later used in pi_test_and_clear_on(). A guest
user/process could use this flaw to crash the host kernel, resulting in a DoS.
This is a clean cherry pick to Bionic and Cosmic. Disco already has the patch
applied. I've smoke tested this patch by booting nested KVM instances using
both the Bionic and Cosmic kernels.
Tyler
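As an added illustration, not part of Tyler's message and not the kernel's own code: a simplified C model of the stale-pointer pattern the CVE text describes. A descriptor page is mapped and a pointer into it cached; on the error path the page is unmapped and, in the vulnerable variant, the cached pointer is left dangling, so the later "test and clear ON" step touches an unmapped page. The fixed variant resets the pointer alongside the unmap, and the later use is guarded by a NULL check. The struct layouts, the map/unmap helpers, the live-page check and the return codes are all assumptions made for this model; the real kernel would oops on the stale access rather than return a code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096

/* Guest-supplied posted-interrupt descriptor. The layout is an assumption
 * for this model; only the ON bit in 'control' is used. */
struct pi_desc {
    uint32_t pir[8];
    uint32_t control;   /* bit 0: outstanding notification (ON) */
};

/* A "mapped" guest page: backing bytes plus a live flag so that a stale
 * access can be reported instead of faulting the way the host kernel would. */
struct page {
    unsigned char data[PAGE_SIZE];
    int mapped;
};

/* Per-vCPU nested state, reduced to the two fields named in the CVE text. */
struct nested_state {
    struct page *pi_desc_page;
    struct pi_desc *pi_desc;
};

static struct page g_guest_page;   /* constructed stand-in for the guest page */

static struct page *map_guest_page(void)
{
    memset(&g_guest_page, 0, sizeof g_guest_page);
    g_guest_page.mapped = 1;
    return &g_guest_page;
}

static void unmap_guest_page(struct page *p)
{
    p->mapped = 0;
}

/* True only if 'ptr' points into a page that is still mapped. */
static int points_into_live_page(const void *ptr)
{
    const unsigned char *p = ptr;
    return g_guest_page.mapped &&
           p >= g_guest_page.data && p < g_guest_page.data + PAGE_SIZE;
}

/* Model of the error path in nested_get_vmcs12_pages(): map the descriptor
 * page, then hit an error while processing the posted-interrupt address.
 * 'fixed' selects whether pi_desc is reset alongside the unmap. */
static int get_vmcs12_pages(struct nested_state *st, int fail, int fixed)
{
    st->pi_desc_page = map_guest_page();
    st->pi_desc = (struct pi_desc *)st->pi_desc_page->data;
    st->pi_desc->control |= 1u;          /* guest has set ON */

    if (fail) {
        unmap_guest_page(st->pi_desc_page);
        st->pi_desc_page = NULL;
        if (fixed)
            st->pi_desc = NULL;          /* the reset the vulnerable code lacked */
        return -1;
    }
    return 0;
}

/* Model of pi_test_and_clear_on(): return the old ON bit and clear it.
 * -1: no descriptor (fixed path).  -2: dangling pointer into an unmapped
 * page, i.e. the use-after-free; the real kernel would crash here. */
static int pi_test_and_clear_on(struct nested_state *st)
{
    if (!st->pi_desc)
        return -1;
    if (!points_into_live_page(st->pi_desc))
        return -2;
    int on = (int)(st->pi_desc->control & 1u);
    st->pi_desc->control &= ~1u;
    return on;
}

/* Run one map -> (maybe fail) -> later-use sequence and report the outcome. */
static int run_scenario(int fail, int fixed)
{
    struct nested_state st = { NULL, NULL };
    get_vmcs12_pages(&st, fail, fixed);
    return pi_test_and_clear_on(&st);
}

int main(void)
{
    printf("vulnerable, error path: %d (stale pi_desc)\n", run_scenario(1, 0));
    printf("fixed, error path:      %d (pi_desc reset)\n", run_scenario(1, 1));
    printf("success path:           %d (ON was set)\n", run_scenario(0, 1));
    return 0;
}
```

The point of the model is the ordering: whatever tears down a mapping must also invalidate every cached pointer into it on the same path, including the error path, or a later consumer has no way to tell a valid descriptor from freed memory.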