Bug 1671930 (CVE-2019-7222) - CVE-2019-7222 Kernel: KVM: leak of uninitialized stack contents to guest
Summary: CVE-2019-7222 Kernel: KVM: leak of uninitialized stack contents to guest
Status: NEW
Alias: CVE-2019-7222
Product: Security Response
Classification: Other
Component: vulnerability   
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20190207,reported=2...
Keywords: Security
Depends On: 1671931 1671932 1673845 1673846 1673686
Blocks: 1671898
Reported: 2019-02-02 07:08 UTC by Prasad J Pandit
Modified: 2019-02-18 18:31 UTC

Doc Text:
An information leakage issue was found in the way the Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with a memory address as an operand. It occurs if the operand is an MMIO address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak the host's stack memory contents to a guest.

Description Prasad J Pandit 2019-02-02 07:08:31 UTC
An information leakage issue was found in the way the Linux kernel's KVM hypervisor
handled page fault exceptions while emulating instructions like VMXON, VMCLEAR,
VMPTRLD, VMWRITE with a memory address as an operand. It occurs if the operand is
an MMIO address, as the returned exception object holds uninitialised stack memory
contents.

A guest user/process could use this flaw to leak the host's stack memory contents
to a guest.

It affects only Intel processors and only when nested virtualization is
enabled.

Upstream patch:
---------------
  -> https://git.kernel.org/linus/353c0956a618a07ba4bbe7ad00ff29fe70e8412a

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/02/18/2
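
The flaw class described above, modeled in user space as an added example (not code from the kernel or from the upstream patch): a failure path leaves a stack-allocated fault descriptor unwritten, and the caller forwards it anyway. The struct, function names, and MMIO_BASE are hypothetical, and the 0xAA fill is a constructed stand-in for stale stack bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fault descriptor; a stand-in, not the kernel's structure. */
struct fault_info {
    uint16_t error_code;
    uint64_t address;
};

#define MMIO_BASE 0xfee00000ULL /* constructed: operands at or above this count as MMIO */

/* Vulnerable pattern: the MMIO failure path returns without writing *fault. */
static int read_operand_unsafe(uint64_t gva, uint64_t *val, struct fault_info *fault)
{
    (void)fault;
    if (gva >= MMIO_BASE)
        return -1;
    *val = 0; /* pretend the guest memory read succeeded */
    return 0;
}

/* Hardened pattern: clear the out-parameter before any path can return. */
static int read_operand_safe(uint64_t gva, uint64_t *val, struct fault_info *fault)
{
    memset(fault, 0, sizeof(*fault));
    return read_operand_unsafe(gva, val, fault);
}

/* Models an instruction handler that forwards the fault to the guest on failure.
 * Returns the fault address the guest would observe, or 0 on success. */
static uint64_t emulate(int hardened, uint64_t gva)
{
    struct fault_info fault;
    uint64_t val = 0;

    /* Constructed stand-in for stale stack bytes, so the result is deterministic. */
    memset(&fault, 0xAA, sizeof(fault));
    int rc = hardened ? read_operand_safe(gva, &val, &fault)
                      : read_operand_unsafe(gva, &val, &fault);
    return rc ? fault.address : 0;
}

int main(void)
{
    printf("unsafe:   %#llx\n", (unsigned long long)emulate(0, MMIO_BASE));
    printf("hardened: %#llx\n", (unsigned long long)emulate(1, MMIO_BASE));
    return 0;
}
```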

Comment 2 Prasad J Pandit 2019-02-06 07:12:05 UTC
Acknowledgments:

Name: Felix Wilhelm (Google)

Comment 4 Prasad J Pandit 2019-02-07 19:01:15 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1673686]

Comment 6 Eric Christensen 2019-02-08 15:20:07 UTC
Statement:

This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2.

This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.

Note: The impact on the Red Hat Enterprise Linux 7 kernel is limited, as it requires that the nested virtualization feature is enabled on a system. The nested virtualization feature is available only as a Technology Preview.

