Bug 2248122 (CVE-2023-5090) - CVE-2023-5090 kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs
Summary: CVE-2023-5090 kernel: KVM: SVM: improper check in svm_set_x2apic_msr_intercep...
Keywords:
Status: NEW
Alias: CVE-2023-5090
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2248123
Blocks: 2239886
TreeView+ depends on / blocked
 
Reported: 2023-11-06 10:19 UTC by Mauro Matteo Cascella
Modified: 2024-10-18 16:30 UTC (History)
44 users (show)

Fixed In Version: kernel 6.6-rc7
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:4354 0 None None None 2024-07-08 07:10:59 UTC
Red Hat Product Errata RHBA-2024:4365 0 None None None 2024-07-08 11:00:41 UTC
Red Hat Product Errata RHBA-2024:4461 0 None None None 2024-07-10 15:55:33 UTC
Red Hat Product Errata RHBA-2024:4463 0 None None None 2024-07-10 18:16:44 UTC
Red Hat Product Errata RHBA-2024:4494 0 None None None 2024-07-11 09:38:43 UTC
Red Hat Product Errata RHBA-2024:4495 0 None None None 2024-07-11 10:35:03 UTC
Red Hat Product Errata RHBA-2024:4507 0 None None None 2024-07-11 13:28:56 UTC
Red Hat Product Errata RHBA-2024:4535 0 None None None 2024-07-15 07:10:37 UTC
Red Hat Product Errata RHSA-2024:3854 0 None None None 2024-06-12 01:40:25 UTC
Red Hat Product Errata RHSA-2024:3855 0 None None None 2024-06-12 01:53:47 UTC
Red Hat Product Errata RHSA-2024:4211 0 None None None 2024-07-02 08:53:36 UTC
Red Hat Product Errata RHSA-2024:4352 0 None None None 2024-07-08 02:01:37 UTC

Description Mauro Matteo Cascella 2023-11-06 10:19:06 UTC
An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.

Upstream patch & commit:
https://lore.kernel.org/kvm/20230928173354.217464-1-mlevitsk@redhat.com/T
https://github.com/torvalds/linux/commit/b65235f6e102354ccafda601eaa1c5bef5284d21

Comment 1 Mauro Matteo Cascella 2023-11-06 10:19:32 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2248123]

Comment 4 Justin M. Forbes 2023-11-08 18:06:46 UTC
This was fixed for Fedora with the 6.5.9 stable kernel updates.

Comment 5 errata-xmlrpc 2024-06-12 01:40:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:3854 https://access.redhat.com/errata/RHSA-2024:3854

Comment 6 errata-xmlrpc 2024-06-12 01:53:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:3855 https://access.redhat.com/errata/RHSA-2024:3855

Comment 9 errata-xmlrpc 2024-07-02 08:53:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211

Comment 10 errata-xmlrpc 2024-07-08 02:01:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-2024:4352


Note You need to log in before you can comment on or make changes to this bug.