A use-after-free issue was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for an L2 guest when nested(=1) virtualization is enabled. This high resolution timer (hrtimer) runs when the L2 guest is active. After VM exit, the timer object is stopped in sync_vmcs12(). The use-after-free occurs if the timer object is freed before the sync_vmcs12() routine is called.

A guest user/process could use this flaw to crash the host kernel, resulting in DoS, or potentially gain privileged access to a system. It affects only Intel processors and only when nested virtualization is enabled.

Upstream patch:
---------------
  -> https://git.kernel.org/linus/ecec76885bcfe3294685dc363fd1273df0d5d65f

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/02/18/2
Acknowledgments: Name: Felix Wilhelm (Google)
Statement:

This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.

Note: Impact on the Red Hat Enterprise Linux 7 kernel is limited, as it requires that the nested virtualization feature be enabled on a system. The Nested Virtualization feature is available only as a Technology Preview.
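Added example, not part of the original report or of Red Hat's tooling: a shell check for the two preconditions named above (Intel CPU, nested virtualization enabled in kvm_intel), plus any modprobe.d setting that turns nesting on at module load. The function names and the optional ROOT argument (used to point the check at a constructed tree) are assumptions of this sketch.

```shell
#!/bin/sh
# Exposure check for the preconditions in the report: Intel CPU and
# kvm_intel loaded with nested virtualization enabled.
# ROOT (optional first argument) is a hypothetical prefix so the check can
# be run against a constructed directory tree; empty means the live host.

# nested_exposure [ROOT] -> prints one of:
#   not-intel | kvm_intel-not-loaded | nested-disabled | nested-enabled
nested_exposure() {
    root="${1:-}"
    cpuinfo="$root/proc/cpuinfo"
    param="$root/sys/module/kvm_intel/parameters/nested"

    if ! grep -q '^vendor_id[[:space:]]*:[[:space:]]*GenuineIntel' "$cpuinfo" 2>/dev/null; then
        echo "not-intel"; return 0
    fi
    # The parameter file only exists while the kvm_intel module is loaded.
    if [ ! -r "$param" ]; then
        echo "kvm_intel-not-loaded"; return 0
    fi
    # The parameter reads as Y/N or 1/0 depending on kernel version.
    case "$(tr -d '[:space:]' < "$param")" in
        Y|y|1) echo "nested-enabled" ;;
        *)     echo "nested-disabled" ;;
    esac
}

# persistent_nested_opts [ROOT] -> prints modprobe.d lines that enable
# nesting at module load (these survive a reboot until removed).
persistent_nested_opts() {
    root="${1:-}"
    grep -hE '^[[:space:]]*options[[:space:]]+kvm[_-]intel[[:space:]].*nested=(1|[Yy])' \
        "$root"/etc/modprobe.d/*.conf 2>/dev/null || true
}

# Report for the host this script runs on.
echo "state: $(nested_exposure)"
persistent_nested_opts
```

A host reporting `nested-enabled` meets both conditions from the description and should be on a kernel carrying the upstream patch or have nesting turned off.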
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1673676]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2019:0833 https://access.redhat.com/errata/RHSA-2019:0833
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2019:0818 https://access.redhat.com/errata/RHSA-2019:0818
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7.5 Extended Update Support
Via RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:3967
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support
Via RHSA-2019:4058 https://access.redhat.com/errata/RHSA-2019:4058