Re: CVE request Kernel: kvm: use-after-free issue while creating devices

[<cve-assign () mitre org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support
> is vulnerable to a use-after-free flaw. It could occur while creating devices, 
> via ioctl('/dev/kvm', ...) calls.
>
> A user/process could use this flaw to crash the host kernel resulting in DoS 
> or potentially escalate their privileges on a system.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1414506
> https://git.kernel.org/linus/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61

> > KVM: use after free in kvm_ioctl_create_device()
> >
> > We should move the ops->destroy(dev) after the list_del(&dev->vm_node)
> > so that we don't use "dev" after freeing it.
> >
> > virt/kvm/kvm_main.c

Use CVE-2016-10150.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYgTPgAAoJEHb/MwWLVhi2d54P/1HdOI1khdv+N0Xl8/6HEHsI
Fw7DGd9i1o74vbcFSaqkWLLPD1py1bo0Vc2rzYHhuLR9snJ6c+q/Zcrf5JAkCi2R
+pmTznsfb82uTSX69RlQidv6aDHE15kGWh99iKaRmSyl3zx5WynfrmBQwBziUVVi
6yBcnQc5VRC8lyaTh2iLdW/m/fjzBieQKfKTlbdTGc7hkoEWyTvSmxksmTN5cQyU
AbJjID50vjXdKpS7vxQ88LGuy/BWT74V0Nb2lIU7YCqX8nGcnfcTiM0HQM7nOQRb
uX3XrQfzE5OrbotTZmj59+lf5dpsKxeE1RJvpdA33XFgtEoYs6nRZwnBIDtJPL0v
8OMUhPLhSd3aikOPZ2WKTD/vqv1nxjpOo/mMJA5T6PlMi/7+XTYXrHlRd08e5JJc
BM1m6NuvTUoU2DV0ixicAUWRHd2MOx0i+BPubGrZeCYlACjPkI/SoJn8JqjsBvN0
EkX8am20G6RJxTGtplhjnhqGc0ZoT1XBi9fwpmEtFAD8lKI53DLPVzw0Yy2KMlOw
wwW94nMmo0KcXGPDf58aG2j+20cGkgPHaK4vKUaRC2ISsx++MYfRFFREo2wC4dyW
cAs0lb8ka9SFbiLZ6KiHVq3+uXs77HMBRPbT9wrS1z7QGapzB/5f2t46SYX2eCWD
P+hlTEh26mdh5anV0jew
=0y5u
-----END PGP SIGNATURE-----