SEVERITY: Medium
CATEGORY: Vulnerability
ANALYSIS SUMMARY
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested virtualization is enabled (nested=1). In nested_get_vmcs12_pages(), if an error occurs while processing the posted-interrupt address, the function unmaps 'pi_desc_page' without resetting the 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on().
A guest user or process could use this flaw to crash the host kernel, resulting in a denial of service (DoS).
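The following is an added illustration of the defect class described above, not code from the kernel or from the upstream patch. It models the fields the advisory names (pi_desc_page, pi_desc, pi_test_and_clear_on) with hypothetical toy structures and helpers: the vulnerable error path unmaps the page but leaves the descriptor pointer dangling, while the hardened variant clears the pointer together with the mapping so that a later caller sees "no descriptor" instead of a stale address. The staleness bookkeeping (page_mapped) exists only so the demo never reads freed memory; the real kernel has no such check, which is why the stale pointer becomes a use-after-free there.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/*
 * Hypothetical simplification of the pattern in the advisory. Structures,
 * helper names and the fix shown here are constructed for illustration and
 * are not the kernel's own code.
 */

#define PI_ON_BIT 0x1u  /* hypothetical "outstanding notification" flag */

struct pi_desc {
    uint32_t control;
};

struct vcpu_state {
    void *pi_desc_page;       /* toy mapping of the guest's descriptor page */
    struct pi_desc *pi_desc;  /* pointer into that mapping */
    bool page_mapped;         /* bookkeeping so the demo can detect staleness */
};

/* Toy stand-ins for mapping and unmapping a guest page. */
static void map_pi_page(struct vcpu_state *v)
{
    v->pi_desc_page = calloc(1, 4096);
    v->page_mapped = (v->pi_desc_page != NULL);
}

static void unmap_pi_page(struct vcpu_state *v)
{
    free(v->pi_desc_page);
    v->pi_desc_page = NULL;
    v->page_mapped = false;
}

/* Vulnerable pattern: on error the page is unmapped, but pi_desc keeps
 * pointing into the freed mapping (a dangling pointer). */
int get_pages_vulnerable(struct vcpu_state *v, bool posted_intr_addr_invalid)
{
    map_pi_page(v);
    if (!v->page_mapped)
        return -1;
    v->pi_desc = (struct pi_desc *)v->pi_desc_page;
    if (posted_intr_addr_invalid) {
        unmap_pi_page(v);           /* BUG: pi_desc is not reset here */
        return -1;
    }
    return 0;
}

/* Hardened pattern: the descriptor pointer is cleared together with the
 * mapping it points into. */
int get_pages_fixed(struct vcpu_state *v, bool posted_intr_addr_invalid)
{
    map_pi_page(v);
    if (!v->page_mapped)
        return -1;
    v->pi_desc = (struct pi_desc *)v->pi_desc_page;
    if (posted_intr_addr_invalid) {
        unmap_pi_page(v);
        v->pi_desc = NULL;          /* FIX: drop the pointer with the mapping */
        return -1;
    }
    return 0;
}

/* Stand-in for pi_test_and_clear_on() with an explicit staleness check so the
 * demo never dereferences freed memory. Returns the previous ON value (0/1),
 * -2 when there is no descriptor, or -1 when the pointer is dangling. */
int test_and_clear_on_checked(struct vcpu_state *v)
{
    if (v->pi_desc == NULL)
        return -2;
    if (!v->page_mapped)
        return -1;   /* real code would read freed memory at this point */
    int was_on = (v->pi_desc->control & PI_ON_BIT) ? 1 : 0;
    v->pi_desc->control &= ~PI_ON_BIT;
    return was_on;
}

/* Normal teardown: unmap and clear the pointer in one place. */
void release_pages(struct vcpu_state *v)
{
    unmap_pi_page(v);
    v->pi_desc = NULL;
}

int main(void)
{
    struct vcpu_state v = {0};
    get_pages_vulnerable(&v, true);
    int stale = test_and_clear_on_checked(&v);   /* -1: dangling pointer */
    release_pages(&v);
    get_pages_fixed(&v, true);
    int safe = test_and_clear_on_checked(&v);    /* -2: nothing to do */
    return (stale == -1 && safe == -2) ? 0 : 1;
}
```

The general rule the fix embodies: whenever a mapping is torn down on an error path, every pointer derived from that mapping must be invalidated in the same place, so that later code paths cannot tell the error case apart from "never mapped" and therefore cannot reach freed memory.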
IMPACT
System access or DoS (Denial of Service) in the guest virtual machine.
AFFECTED PRODUCTS
REMEDIATION
The upstream patch can be followed from the following link.
(Note: this is a third-party patch; the vendor has not released any patches for this vulnerability so far.)
https://marc.info/?l=kvm&m=154514994222809&w=2
If you think you're a victim of a cyber-attack, immediately send an email to soc@rewterz.com for a quick response.