An OOB memory write issue was found in the way Linux kernel's KVM hypervisor handled 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get cpuid features emulated by the KVM hypervisor. A user/process able to access '/dev/kvm' device could use this flaw to crash the system resulting in DoS issue. Upstream patch: --------------- -> https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e Reference: -> https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50@google.com/
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1783451]
Statement: This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and 8. Future kernel updates for Red Hat Enterprise Linux 7 and 8 may address this issue.
External References: https://www.openwall.com/lists/oss-security/2019/12/16/1 https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50@google.com/
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19332
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609