Bug 1695044 (CVE-2019-3887) - CVE-2019-3887 Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS
Summary: CVE-2019-3887 Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-3887
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20190405:1600...
Depends On: 1697199 1697201 1697187 1697198 1697200
Blocks: 1695003
TreeView+ depends on / blocked
 
Reported: 2019-04-02 11:30 UTC by Prasad J Pandit
Modified: 2019-09-16 21:54 UTC (History)
41 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue.
Clone Of:
Environment:
Last Closed: 2019-09-12 12:45:42 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:2767 None None None 2019-09-12 19:12:27 UTC
Red Hat Product Errata RHSA-2019:2703 None None None 2019-09-10 19:00:10 UTC
Red Hat Product Errata RHSA-2019:2741 None None None 2019-09-11 16:42:05 UTC

Description Prasad J Pandit 2019-04-02 11:30:10 UTC
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific
Rregister(MSR) access with nested(=1) virtualization enabled. In that, L1 guest
could access L0's APIC register values via L2 guest, when 'virtualize x2APIC
mode' is enabled.

A guest could use this flaw to potentially crash the host kernel resulting in
DoS issue.

Upstream patches:
-----------------
  -> https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=acff78477b9b4f26ecdf65733a4ed77fe837e9dc
  -> https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c73f4c998e1fd4249b9edfa39e23f4fda2b9b041

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/04/08/1

Comment 2 Prasad J Pandit 2019-04-03 10:07:30 UTC
Acknowledgments:

Name: Marc Orr (Google.com)

Comment 3 Prasad J Pandit 2019-04-08 04:20:36 UTC
Statement:

This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.

Comment 4 Prasad J Pandit 2019-04-08 04:21:37 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1697187]

Comment 6 Fedora Update System 2019-04-13 01:30:32 UTC
kernel-5.0.7-100.fc28, kernel-headers-5.0.7-100.fc28, kernel-tools-5.0.7-100.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2019-04-13 15:32:42 UTC
kernel-5.0.7-200.fc29, kernel-headers-5.0.7-200.fc29, kernel-tools-5.0.7-200.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 errata-xmlrpc 2019-09-10 19:00:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:2703 https://access.redhat.com/errata/RHSA-2019:2703

Comment 10 errata-xmlrpc 2019-09-11 16:42:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:2741 https://access.redhat.com/errata/RHSA-2019:2741

Comment 11 Product Security DevOps Team 2019-09-12 12:45:42 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-3887


Note You need to log in before you can comment on or make changes to this bug.