oss-sec mailing list archives
Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push
From: Solar Designer <solar () openwall com>
Date: Thu, 7 Apr 2022 10:35:43 +0200
On Thu, Apr 07, 2022 at 10:15:42AM +0800, kangel wrote:
We found a null-ptr-deref in the kvm module which can lead to DoS. This flaw is in kvm_dirty_ring_push in virt/kvm/dirty_ring.c. The linux kernel version is 5.17.0-rc8. We would appreciate a CVE ID if this is a security issue.
Further in the linux-distros thread, this got assigned CVE-2022-1263, however is this really a security issue - in other words, is a security boundary crossed in triggering the bug? I think it is not, and if so the CVE ID should probably be rejected. From the PoC:
res = syscall(__NR_openat, 0xffffffffffffff9cul, "/dev/kvm", 0ul, 0ul);
In fact, also in the linux-distros thread it was promptly agreed that this doesn't need an embargo - perhaps precisely because of no security relevance? If so, that should have been said explicitly, so a CVE ID wouldn't be assigned (it was by another person). Alexander
Current thread:
- Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push kangel (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Solar Designer (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Paolo Bonzini (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Solar Designer (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Qiuhao Li (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Paolo Bonzini (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Qiuhao Li (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Solar Designer (Apr 07)