oss-sec mailing list archives
Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push
From: Solar Designer <solar () openwall com>
Date: Thu, 7 Apr 2022 11:06:24 +0200
On Thu, Apr 07, 2022 at 10:53:17AM +0200, Paolo Bonzini wrote:
> indeed it doesn't cross guest-host boundaries. However, /dev/kvm is accessible by unprivileged users, so it should be treated like any other unprivileged NULL pointer dereference in Linux. I do not apply an embargo for those bugs, but whether to assign a CVE is not my choice.

Oh, indeed. So it's a local DoS for systems with user-accessible /dev/kvm and panic_on_oops=1, like RHEL and its rebuilds. Makes sense to have a CVE ID, then.

(I assume that mmap_min_addr works.)

Alexander
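
An added example, not part of the message above: a host check for the conditions it names (user-accessible /dev/kvm, panic_on_oops=1, mmap_min_addr). The function name, the verdict strings and the optional ROOT argument are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the conditions the message names:
# user-accessible /dev/kvm, panic_on_oops=1, and the mmap_min_addr setting.
# ROOT (optional first argument) is a hypothetical parameter of this example
# so the check can also run against a constructed directory tree.

read_value() {
    # Print the first line of a file, or "unknown" if it cannot be read.
    if [ -r "$1" ]; then head -n 1 "$1"; else echo unknown; fi
}

assess_kvm_oops_exposure() {
    root=${1:-}
    dev="$root/dev/kvm"
    oops=$(read_value "$root/proc/sys/kernel/panic_on_oops")
    mma=$(read_value "$root/proc/sys/vm/mmap_min_addr")

    if [ ! -e "$dev" ]; then
        echo "no-kvm mmap_min_addr=$mma"
        return 0
    fi

    # The last octal digit of the mode is the "other" permission triplet.
    mode=$(stat -c '%a' "$dev")
    other=${mode#"${mode%?}"}

    if [ $((other & 6)) -eq 0 ]; then
        # Only the owner and group (often "kvm") can open the device.
        verdict=restricted
    elif [ "$oops" = 1 ]; then
        # Any local user can open the device and an oops panics the host.
        verdict=local-dos
    elif [ "$oops" = 0 ]; then
        # The oops is logged but the host keeps running.
        verdict=oops-only
    else
        verdict=unknown
    fi
    # mmap_min_addr is reported so that a value of 0 stands out.
    echo "$verdict mmap_min_addr=$mma"
}

# With no argument this inspects the live system.
assess_kvm_oops_exposure "${1:-}"
```

A "restricted" verdict still leaves members of the owning group able to open the device.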