oss-sec mailing list archives
CVE-2017-15306: Linux kernel: KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM
From: Michael Ellerman <mpe () ellerman id au>
Date: Mon, 06 Nov 2017 21:24:56 +1100
Hi folks, Greg Kurz discovered a local denial of service (kernel oops) in the KVM code for powerpc. From his report: The following program causes a kernel oops: #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <sys/ioctl.h> #include <linux/kvm.h> main() { int fd = open("/dev/kvm", O_RDWR); ioctl(fd, KVM_CHECK_EXTENSION, KVM_CAP_PPC_HTM); } This happens because when using the global KVM fd with KVM_CHECK_EXTENSION, kvm_vm_ioctl_check_extension() gets called with a NULL kvm argument, which gets dereferenced in is_kvmppc_hv_enabled(). The bug was introduced in commit: 23528bb21ee2 ("KVM: PPC: Introduce KVM_CAP_PPC_HTM") Which was merged into kernel 4.8-rc1. The fix is now in mainline: ac64115a66c1 ("KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM") https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ac64115a66c1 cheers
Attachment:
signature.asc
Description:
Current thread:
- CVE-2017-15306: Linux kernel: KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM Michael Ellerman (Nov 06)