NAK/cmnt: [SRU Bionic 0/1] CVE-2021-38198

Kleber Souza kleber.souza at canonical.com
Thu Sep 23 16:29:14 UTC 2021


On 22.09.21 20:47, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
>   It was discovered that the KVM hypervisor implementation in the Linux
>   kernel did not properly compute the access permissions for shadow pages in
>   some situations. A local attacker could use this to cause a denial of
>   service.
> 
> [Backport]
> I picked up the backport that was done for 4.19.y, as there was a small
> conflict in one of the hunks and a file rename.
> 
> [Test case]
> kvm-unit-tests access test will check for this bug. It fails before the
> fix and passes after the fix.
> 
> [Potential regression]
> KVM guest page faults could be erronously handled, causing issues on
> KVM guests.
> 
> Lai Jiangshan (1):
>    KVM: X86: MMU: Use the correct inherited permissions to get shadow
>      page
> 
>   Documentation/virtual/kvm/mmu.txt |  4 ++--
>   arch/x86/kvm/paging_tmpl.h        | 14 +++++++++-----
>   2 files changed, 11 insertions(+), 7 deletions(-)
> 

Already applied to bionic:linux as part of LP#1944600 (Bionic update:
upstream stable patchset 2021-09-22).


Thanks,
Kleber



More information about the kernel-team mailing list