2072698 – (CVE-2022-1263) CVE-2022-1263 kernel: KVM: NULL pointer dereference in kvm_dirty_ring_push in virt/kvm/dirty_ring.c

Bug 2072698 (CVE-2022-1263) - CVE-2022-1263 kernel: KVM: NULL pointer dereference in kvm_dirty_ring_push in virt/kvm/dirty_ring.c

Summary: CVE-2022-1263 kernel: KVM: NULL pointer dereference in kvm_dirty_ring_push in...

Keywords:
Status:	NEW
Alias:	CVE-2022-1263
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2061574 2074832 2074835 2096875 2096876 2096877 2096878 2096881
Blocks:	2072700 2073418
TreeView+	depends on / blocked

Reported:	2022-04-06 19:18 UTC by Pedro Sampaio
Modified:	2023-09-19 14:13 UTC (History)
CC List:	43 users (show)
Fixed In Version:	kernel 5.18
Doc Type:	If docs needed, set a value
Doc Text:	A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2022-04-06 19:18:08 UTC

A null pointer dereference was found in the kvm module which can lead to denial of service. This flaw is in kvm_dirty_ring_push in virt/kvm/dirty_ring.c.

References:

https://www.openwall.com/lists/oss-security/2022/04/07/1

Comment 2 Mauro Matteo Cascella 2022-06-14 10:18:23 UTC

Upstream commit:
https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4

Comment 6 Mauro Matteo Cascella 2022-06-14 13:14:54 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2096875]

Comment 8 Justin M. Forbes 2022-06-14 14:33:12 UTC

This was fixed for Fedora with the 5.16.20 stable kernel updates.

Comment 16 Mauro Matteo Cascella 2023-05-04 13:47:22 UTC

This issue was fixed upstream in version 5.19. The kernel packages as shipped in the following Red Hat products were previously updated to a version that contains the fix via the following errata:

kernel in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2022:7683

kernel-rt in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2022:7444

kernel in Red Hat Enterprise Linux 9
https://access.redhat.com/errata/RHSA-2022:8267

kernel-rt in Red Hat Enterprise Linux 9
https://access.redhat.com/errata/RHSA-2022:7933

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
bdettelb
bhu
chwhite
crwood
dvlasenk
hdegoede
hkrzesin
hpa
jarod
jarodwilson
jburrell
jfaracco
jforbes
jglisse
jlelli
joe.lawrence
jonathan
josef
jshortt
jstancek
jwboyer
jwyatt
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
lzampier
masami256
mchehab
nmurray
ptalbert
qzhao
rvrbovsk
scweaver
steved
vkumar
walters
williams