ACK: [SRU Bionic 0/1] CVE-2021-38198
Tim Gardner
tim.gardner at canonical.com
Thu Sep 23 11:50:18 UTC 2021
Acked-by: Tim Gardner <tim.gardner at canonical.com>
Good test results from a reproducer.
On 9/22/21 12:47 PM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> It was discovered that the KVM hypervisor implementation in the Linux
> kernel did not properly compute the access permissions for shadow pages in
> some situations. A local attacker could use this to cause a denial of
> service.
>
> [Backport]
> I picked up the backport that was done for 4.19.y, as there was a small
> conflict in one of the hunks and a file rename.
>
> [Test case]
> kvm-unit-tests access test will check for this bug. It fails before the
> fix and passes after the fix.
>
> [Potential regression]
> KVM guest page faults could be erronously handled, causing issues on
> KVM guests.
>
> Lai Jiangshan (1):
> KVM: X86: MMU: Use the correct inherited permissions to get shadow
> page
>
> Documentation/virtual/kvm/mmu.txt | 4 ++--
> arch/x86/kvm/paging_tmpl.h | 14 +++++++++-----
> 2 files changed, 11 insertions(+), 7 deletions(-)
>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list