Bug 1216927 (CVE-2023-5090)

Summary:	VUL-0: CVE-2023-5090: kvm,qemu,xen: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Dario Faggioli <dfaggioli>
Status:	RESOLVED INVALID	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	dfaggioli, stoyan.manolov
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/384215/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-5090:6.0:(AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2023-11-07 04:26:38 UTC

A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception()
may allow direct access to host x2apic msrs when the guest resets its apic,
potentially leading to a denial of service condition.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5090

Comment 1 Stoyan Manolov 2023-11-08 15:04:36 UTC

https://lkml.kernel.org/stable/ZRWhhTvQuE2MN9KB@google.com/T/#t