Mailinglist Archive: opensuse-bugs (4247 mails)

< Previous Next >
[Bug 1019851] New: VUL-0: CVE-2017-2584: kernel-source: kvm: use after free in complete_emulated_mmio
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 13 Jan 2017 11:59:26 +0000
  • Message-id: <bug-1019851-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1019851


Bug ID: 1019851
Summary: VUL-0: CVE-2017-2584: kernel-source: kvm: use after
free in complete_emulated_mmio
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Kernel
Assignee: kernel-maintainers@xxxxxxxxxxxxxxxxxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Ref: http://seclists.org/oss-sec/2017/q1/82
=============================================
Hello,

Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is
vulnerable to a use after free flaw. It could occur on x86 platform, when
emulating instructions fxsave, fxrstor, sgdt, etc.


A user/process could use this flaw to crash the host kernel resulting in DoS.

Upstream patch:
---------------
-> https://www.spinics.net/lists/kvm/msg143571.html

Reference:
----------
-> https://bugzilla.redhat.com/show_bug.cgi?id=1413001

'CVE-2017-2584' is assigned to this issue by Red Hat Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
=============================================


=============================================

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
Follow Ups