oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2017-15306: Linux kernel: KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM

From: Michael Ellerman <mpe () ellerman id au>
Date: Mon, 06 Nov 2017 21:24:56 +1100
Hi folks,

Greg Kurz discovered a local denial of service (kernel oops) in the KVM
code for powerpc.

From his report:

    The following program causes a kernel oops:
    
    #include <sys/types.h>
    #include <sys/stat.h>
    #include <fcntl.h>
    #include <sys/ioctl.h>
    #include <linux/kvm.h>
    
    main()
    {
        int fd = open("/dev/kvm", O_RDWR);
        ioctl(fd, KVM_CHECK_EXTENSION, KVM_CAP_PPC_HTM);
    }
    
    This happens because when using the global KVM fd with
    KVM_CHECK_EXTENSION, kvm_vm_ioctl_check_extension() gets
    called with a NULL kvm argument, which gets dereferenced
    in is_kvmppc_hv_enabled().


The bug was introduced in commit:

  23528bb21ee2 ("KVM: PPC: Introduce KVM_CAP_PPC_HTM")

Which was merged into kernel 4.8-rc1.

The fix is now in mainline:

  ac64115a66c1 ("KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM")

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ac64115a66c1


cheers

Attachment: signature.asc
Description:

Previous By Date Next
Previous By Thread Next

Current thread: