A use-after-free issue was found in the way the Linux kernel's KVM hypervisor
emulates a preemption timer for an L2 guest when nested(=1) virtualization
is enabled. This high-resolution timer (hrtimer) runs when the L2 guest is active.
After VM exit, the timer object is stopped in sync_vmcs12(). The use-after-free
occurs if the timer object is freed before the sync_vmcs12() routine is called.
A guest user/process could use this flaw to crash the host kernel, resulting
in DoS, or potentially gain privileged access to a system.
It affects only Intel processors and only when nested virtualization is
Name: Felix Wilhelm (Google)
This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.
Note: Impact on the Red Hat Enterprise Linux 7 kernel is limited, as it requires that the nested virtualization feature is enabled on a system. The nested virtualization feature is available only as a Technology Preview.
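
The exposure conditions stated above (Intel processor, nested virtualization enabled) can be checked on a host with the script below. It is an added example, not part of the original report; the function names and state strings are hypothetical, and it assumes the standard `kvm_intel` module parameter file under `/sys/module`.

```shell
#!/bin/sh
# Added example: report whether a host meets the conditions described in
# this report (Intel CPU, kvm_intel loaded, nested virtualization enabled).

# nested_state [PARAM_FILE] [CPUINFO_FILE]
# Prints one of: not-intel, kvm-intel-not-loaded, nested-disabled,
# nested-enabled, unknown. Paths are arguments so the logic can be
# exercised against constructed files.
nested_state() {
    param_file=${1:-/sys/module/kvm_intel/parameters/nested}
    cpuinfo=${2:-/proc/cpuinfo}

    # The report limits the issue to Intel processors.
    if ! grep -q '^vendor_id[[:space:]]*:[[:space:]]*GenuineIntel' "$cpuinfo" 2>/dev/null; then
        echo not-intel; return 0
    fi
    # No parameter file means the kvm_intel module is not loaded.
    if [ ! -r "$param_file" ]; then
        echo kvm-intel-not-loaded; return 0
    fi
    # Depending on kernel version the parameter reads back as Y/N or 1/0.
    value=$(tr -d '[:space:]' < "$param_file")
    case "$value" in
        Y|y|1) echo nested-enabled ;;
        N|n|0) echo nested-disabled ;;
        *)     echo unknown ;;
    esac
}

# check_host [PARAM_FILE] [CPUINFO_FILE]
# Returns 1 when the exposure conditions are met, 0 otherwise.
check_host() {
    state=$(nested_state "$@")
    echo "kvm_intel nested virtualization: $state"
    [ "$state" != nested-enabled ]
}

check_host || echo "Intel host with nested virtualization enabled" >&2
```

Where nested guests are not needed, loading `kvm_intel` with `nested=0` removes the condition this check reports.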
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1673676]