Bug 2069736 (CVE-2022-2153)
Summary: | CVE-2022-2153 kernel: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast() | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bhu, chwhite, crwood, ddepaula, dvlasenk, fpacheco, hdegoede, hkrzesin, hpa, jarod, jarodwilson, jburrell, jfaracco, jferlan, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, lzampier, masami256, mchehab, nmurray, ptalbert, qzhao, rvrbovsk, scweaver, steved, vkumar, walters, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 5.18 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
|
Bug Depends On: | 2067251, 2072549, 2074832, 2074835, 2099734, 2099735, 2099736, 2099737, 2099738 | ||
Bug Blocks: | 2069747 |
Description
Pedro Sampaio
2022-03-29 15:11:42 UTC
Upstream commits:

- https://github.com/torvalds/linux/commit/7ec37d1cbe17d8189d9562178d8b29167fe1c31a
- https://github.com/torvalds/linux/commit/00b5f37189d24ac3ed46cb7f11742094778c46ce
- https://github.com/torvalds/linux/commit/b1e34d325397a33d97d845e312d7cf2a8b646b44

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2099734]

This was fixed for Fedora with the 5.16.19 stable kernel updates.

This issue was fixed upstream in version 5.18. The kernel packages as shipped in following Red Hat products were previously updated to a version that contains the fix via the following errata:

- kernel in Red Hat Enterprise Linux 8: https://access.redhat.com/errata/RHSA-2022:7683
- kernel-rt in Red Hat Enterprise Linux 8: https://access.redhat.com/errata/RHSA-2022:7444
- kernel in Red Hat Enterprise Linux 9: https://access.redhat.com/errata/RHSA-2022:8267
- kernel-rt in Red Hat Enterprise Linux 9: https://access.redhat.com/errata/RHSA-2022:7933