An issue was discovered in the Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. References: https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 http://www.openwall.com/lists/oss-security/2021/05/26/3 http://www.openwall.com/lists/oss-security/2021/05/26/4 http://www.openwall.com/lists/oss-security/2021/05/26/5
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1965462]
Upstream fix aiming to address the first PoC from google advisory (vvar_write.c): https://github.com/torvalds/linux/commit/bd2fae8d https://github.com/torvalds/linux/commit/a9545779 Note that the second PoC (kernel_write.c) is still being worked on, see https://seclists.org/oss-sec/2021/q2/169.
Upstream fix: https://github.com/torvalds/linux/commit/f8be156be163a052a067306417cd0ff679068c97
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3044 https://access.redhat.com/errata/RHSA-2021:3044
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3088 https://access.redhat.com/errata/RHSA-2021:3088
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3057 https://access.redhat.com/errata/RHSA-2021:3057
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-22543
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3173 https://access.redhat.com/errata/RHSA-2021:3173
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3181 https://access.redhat.com/errata/RHSA-2021:3181
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2021:3235 https://access.redhat.com/errata/RHSA-2021:3235
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3375 https://access.redhat.com/errata/RHSA-2021:3375
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3380 https://access.redhat.com/errata/RHSA-2021:3380
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3363 https://access.redhat.com/errata/RHSA-2021:3363
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Via RHSA-2021:3725 https://access.redhat.com/errata/RHSA-2021:3725
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2021:81932 https://access.redhat.com/errata/RHSA-2021:81932
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Via RHSA-2021:3766 https://access.redhat.com/errata/RHSA-2021:3766
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3768 https://access.redhat.com/errata/RHSA-2021:3768
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Red Hat Enterprise Linux 7.6 Telco Extended Update Support Via RHSA-2021:3812 https://access.redhat.com/errata/RHSA-2021:3812
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Via RHSA-2021:3814 https://access.redhat.com/errata/RHSA-2021:3814
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3801 https://access.redhat.com/errata/RHSA-2021:3801
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3802 https://access.redhat.com/errata/RHSA-2021:3802
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2021:3943 https://access.redhat.com/errata/RHSA-2021:3943
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Red Hat Enterprise Linux 7.7 Telco Extended Update Support Via RHSA-2021:3987 https://access.redhat.com/errata/RHSA-2021:3987
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Via RHSA-2021:4000 https://access.redhat.com/errata/RHSA-2021:4000
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2022:5640 https://access.redhat.com/errata/RHSA-2022:5640