A flaw was found in the way Linux kernel's KVM hypervisor handled deferred TLB flush requests from guest. A race condition may occur between guest issuing a deferred TLB flush request to KVM and KVM handling and acknowledging it. This may result in invalid address translations from TLB being used to access guest memory, leading to potential information leakage issue. A guest user/process may use this flaw to access guest memory locations which it should not have access to. Upstream patches: ----------------- -> https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e -> https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796 -> https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589 -> https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7 -> https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e -> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=CVE-2019-3016
Mitigation: This issue can only be resolved by applying updates. Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
External References: https://www.openwall.com/lists/oss-security/2020/01/30/4
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1796650]
This issue was fixed for Fedora with the 5.4.19 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3010 https://access.redhat.com/errata/RHSA-2020:3010
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3016 https://access.redhat.com/errata/RHSA-2020:3016
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-3016