Linux kernel built with the KVM virtualisation support(CONFIG_KVM), with nested virtualisation(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in 'handle_vmon'. A L1 guest user could use this flaw to leak host memory potentially resulting in DoS. Upstream patch -------------- -> https://www.spinics.net/lists/kvm/msg144319.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/01/31/4
Acknowledgments: Name: Dmitry Vyukov (Google Inc.)
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1417813]
Statement: This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.
kernel-4.9.7-101.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2077
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:1842