Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) along with Hyper-V Synthetic Interrupt Controller (SynIC) support is vulnerable to an undue APIC register access issue, in that a guest with SynIC enabled could gain access to the host's Machine Specific Registers (MSR).

A privileged user inside the guest could use this flaw to crash the host kernel, resulting in DoS, or potentially leverage it to escalate privileges on the host.

Upstream patch:
---------------
  -> http://permalink.gmane.org/gmane.comp.emulators.kvm.devel/152191

Reference:
----------
  -> http://comments.gmane.org/gmane.comp.emulators.kvm.devel/152100

Note: It requires fairly recent features to be available and enabled on the host (APICv) as well as in the guest (-hv-synic).

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1337807]

Statement: This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.
kernel-4.5.5-201.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.5.6-300.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
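
Added example (not part of the bug report or the upstream patch): a host-side check for the two preconditions named in the note above, plus a comparison against the fixed Fedora builds listed in this report. It assumes an Intel host where APICv is exposed through the kvm_intel `enable_apicv` module parameter and QEMU guests that spell the CPU flag `hv-synic` or `hv_synic`; the function names are hypothetical.

```shell
# Exposure check for the preconditions in this report (added example).

# True if the kvm_intel enable_apicv parameter reads as enabled.
# The sysfs path is the assumed default; pass another file to test offline.
apicv_enabled() {
    local f="${1:-/sys/module/kvm_intel/parameters/enable_apicv}"
    [ -r "$f" ] || return 1
    case "$(tr -d '[:space:]' < "$f")" in
        Y|y|1) return 0 ;;
        *)     return 1 ;;
    esac
}

# Filter stdin (one QEMU command line per line) down to guests whose -cpu
# option turns SynIC on; hv-synic=off does not match.
synic_guests() {
    grep -E -- '-cpu[[:space:]]+[^[:space:]]*hv[-_]synic(=on)?([,[:space:]]|$)' || true
}

# Print every readable process command line, NUL separators turned into spaces.
proc_cmdlines() {
    local p
    for p in /proc/[0-9]*/cmdline; do
        if [ -r "$p" ]; then tr '\0' ' ' < "$p"; echo; fi
    done 2>/dev/null
}

# Compare a Fedora kernel release (uname -r form) with the fixed builds
# listed in this report. Returns 0 fixed, 1 older, 2 release not listed here.
has_fixed_build() {
    local rel="$1" fixed ver
    case "$rel" in
        *.fc23*) fixed="4.5.5-201" ;;
        *.fc24*) fixed="4.5.6-300" ;;
        *)       return 2 ;;
    esac
    ver="${rel%%.fc*}"
    [ "$(printf '%s\n%s\n' "$fixed" "$ver" | sort -V | head -n1)" = "$fixed" ]
}

# Run all three checks against the live host.
report() {
    if apicv_enabled; then echo "APICv: enabled"; else echo "APICv: not enabled"; fi
    echo "Guests with SynIC enabled:"; proc_cmdlines | synic_guests
    rc=0; has_fixed_build "$(uname -r)" || rc=$?
    echo "Fixed-build check (0 fixed, 1 older, 2 not listed): $rc"
}
```

Source the file on the KVM host and call `report`; a host is only in the configuration the note describes when APICv is enabled and at least one guest command line is printed.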