A flaw was found in the way iommu mapping failures were handled in
kvm_iommu_map_pages() function in the Linux kernel. A privileged user in the
guest could use this flaw to crash the host in case the guest has access to
passed in device.
Red Hat would like to thank Jack Morgenstein of Mellanox for reporting this issue; the security impact of this issue was discovered by Michael Tsirkin of Red Hat.
This issue did not affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kvm updates for Red Hat Enterprise Linux 5 and Linux kernel updates for Red Hat Enterprise Linux 6 may address this issue.
A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2014:1392 https://rhn.redhat.com/errata/RHSA-2014-1392.html