NAK/cmnt: [SRU Bionic 0/1] CVE-2021-38198
Kleber Souza
kleber.souza at canonical.com
Thu Sep 23 16:29:14 UTC 2021
On 22.09.21 20:47, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> It was discovered that the KVM hypervisor implementation in the Linux
> kernel did not properly compute the access permissions for shadow pages in
> some situations. A local attacker could use this to cause a denial of
> service.
>
> [Backport]
> I picked up the backport that was done for 4.19.y, as there was a small
> conflict in one of the hunks and a file rename.
>
> [Test case]
> kvm-unit-tests access test will check for this bug. It fails before the
> fix and passes after the fix.
>
> [Potential regression]
> KVM guest page faults could be erronously handled, causing issues on
> KVM guests.
>
> Lai Jiangshan (1):
> KVM: X86: MMU: Use the correct inherited permissions to get shadow
> page
>
> Documentation/virtual/kvm/mmu.txt | 4 ++--
> arch/x86/kvm/paging_tmpl.h | 14 +++++++++-----
> 2 files changed, 11 insertions(+), 7 deletions(-)
>
Already applied to bionic:linux as part of LP#1944600 (Bionic update:
upstream stable patchset 2021-09-22).
Thanks,
Kleber
More information about the kernel-team
mailing list