oss-sec mailing list archives

CVE-2019-3887 Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS


From: P J P <ppandit () redhat com>
Date: Mon, 8 Apr 2019 10:07:52 +0530 (IST)

  Hello,

A flaw was found in the way the KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested (=1) virtualization enabled. In that, an L1 guest could access L0's APIC register values via an L2 guest, when 'virtualize x2APIC mode' is enabled.

A guest could use this flaw to potentially crash the host kernel, resulting in a DoS issue.
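As an added example (not part of the original post or of the upstream patches), the following POSIX shell snippet checks the one precondition the advisory names on the host side, namely whether KVM nested virtualization is enabled for kvm_intel. It assumes the standard module parameter file path /sys/module/kvm_intel/parameters/nested and that the kernel exposes the value as either Y/N or 1/0; it does not check whether the fixing commits are present.

```shell
#!/bin/sh
# Added example, not from the advisory: report whether this host meets the
# advisory's precondition (KVM nested virtualization enabled on kvm_intel).
# Assumption: the nested parameter lives at the standard sysfs path and is
# rendered as Y/N (newer kernels) or 1/0 (older kernels).

NESTED_PARAM=/sys/module/kvm_intel/parameters/nested

# Normalize a raw parameter value; returns 0 when nested is enabled.
nested_enabled_from_value() {
    case "$1" in
        Y|y|1) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print "enabled", "disabled" or "unknown" (module not loaded / not Intel).
kvm_nested_status() {
    if [ -r "$NESTED_PARAM" ]; then
        val=$(cat "$NESTED_PARAM")
        if nested_enabled_from_value "$val"; then
            echo enabled
        else
            echo disabled
        fi
    else
        echo unknown
    fi
}

# Stand-alone use: print the host's status.
kvm_nested_status
```

A result of "enabled" on a host that has not yet picked up the two upstream commits listed below is the configuration the advisory describes; "unknown" usually means kvm_intel is not loaded.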

Upstream patches:
-----------------
  -> https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=acff78477b9b4f26ecdf65733a4ed77fe837e9dc
  -> https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c73f4c998e1fd4249b9edfa39e23f4fda2b9b041

This issue was discovered by Marc Orr of Google Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

