Bug 1695044 (CVE-2019-3887) - CVE-2019-3887 Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS
Summary: CVE-2019-3887 Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS
Status: NEW
Alias: CVE-2019-3887
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20190405:1600...
Keywords: Security
Depends On: 1697198 1697199 1697200 1697201 1697187
Blocks: 1695003
Reported: 2019-04-02 11:30 UTC by Prasad J Pandit
Modified: 2019-04-16 15:51 UTC

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue.
Clone Of:
Last Closed:


Description Prasad J Pandit 2019-04-02 11:30:10 UTC
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific
Register (MSR) access with nested(=1) virtualization enabled. In that, L1 guest
could access L0's APIC register values via L2 guest, when 'virtualize x2APIC
mode' is enabled.

A guest could use this flaw to potentially crash the host kernel resulting in
DoS issue.

Upstream patches:
-----------------
  -> https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=acff78477b9b4f26ecdf65733a4ed77fe837e9dc
  -> https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c73f4c998e1fd4249b9edfa39e23f4fda2b9b041

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/04/08/1

Comment 2 Prasad J Pandit 2019-04-03 10:07:30 UTC
Acknowledgments:

Name: Marc Orr (Google.com)

Comment 3 Prasad J Pandit 2019-04-08 04:20:36 UTC
Statement:

This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.

Comment 4 Prasad J Pandit 2019-04-08 04:21:37 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1697187]

Comment 6 Fedora Update System 2019-04-13 01:30:32 UTC
kernel-5.0.7-100.fc28, kernel-headers-5.0.7-100.fc28, kernel-tools-5.0.7-100.fc28 have been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2019-04-13 15:32:42 UTC
kernel-5.0.7-200.fc29, kernel-headers-5.0.7-200.fc29, kernel-tools-5.0.7-200.fc29 have been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

