Bug ID 1013283
Summary VUL-0: kernel-source: kvm: out of bounds memory access via vcpu_id
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.2
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter mikhail.kasimov@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Reference:http://seclists.org/oss-sec/2016/q4/562
=============================================================
  Hello,

Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is
vulnerable to an out-of-bounds memory access issue. It could occur on x86
platform, while servicing I/O APIC requests with larger vcpu_id.


A guest user/process could use this flaw to crash the host kernel resulting in
DoS or it could potentially be used to escalate privileges on a host.


Upstream patch:
---------------
  -> https://git.kernel.org/linus/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1400804

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
=============================================================

You are receiving this mail because: