Bug 1413001 (CVE-2017-2584)

Summary: CVE-2017-2584 Kernel: kvm: use after free in complete_emulated_mmio
Product: [Other] Security Response Reporter: Prasad J Pandit <ppandit>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: agordeev, aquini, arm-mgr, bdas, bhu, carnil, dhoward, esammons, fhrbata, gansalmon, iboverma, ichavero, itamar, jforbes, jkacur, jkastner, joelsmith, jonathan, jross, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, lwang, madhu.chinakonda, matt, mchehab, mcressma, mguzik, nmurray, pholasek, plougher, rt-maint, rvrbovsk, vdronov, williams
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20170111,reported=20170105,source=google,cvss2=5.5/AV:A/AC:H/Au:S/C:P/I:P/A:C,cvss3=7.1/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=wontfix,rhel-7/kernel-rt=wontfix,mrg-2/realtime-kernel=notaffected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected
Fixed In Version: 3.10.0-560.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-12-10 11:38:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1413002    
Bug Blocks: 1412321    

Description Prasad J Pandit 2017-01-13 11:30:34 UTC
Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support
is vulnerable to a use after free flaw. It could occur on x86 platform,
when emulating instructions fxsave, fxrstor, sgdt, etc.

A user/process could use this flaw to crash the host kernel resulting in DoS.

Upstream patch:
---------------
  -> https://www.spinics.net/lists/kvm/msg143571.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/01/13/7

Comment 1 Prasad J Pandit 2017-01-13 11:32:08 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1413002]

Comment 6 Prasad J Pandit 2017-03-31 09:46:28 UTC
Statement:

This issue does not affect the versions of the kernel package as shipped with
Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.

This issue affects the version of Linux kernel as shipped with
Red Hat Enterprise Linux 7.

This has been rated as having Low security impact and is not currently
planned to be addressed in future updates. For additional information, refer
to the Red Hat Enterprise Linux Life Cycle:
https://access.redhat.com/support/policy/updates/errata/