First Last Prev Next    This bug is not in your last search results.
Bug 1013283 - (CVE-2016-9777) VUL-0: CVE-2016-9777: kernel-source: kvm: out of bounds memory access via vcpu_id
(CVE-2016-9777)
VUL-0: CVE-2016-9777: kernel-source: kvm: out of bounds memory access via vcp...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P2 - High : Major
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-12-02 14:38 UTC by Mikhail Kasimov
Modified: 2017-01-11 08:32 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2016-12-02 14:38:39 UTC 
Reference:http://seclists.org/oss-sec/2016/q4/562
=============================================================
  Hello,

Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is vulnerable to an out-of-bounds memory access issue. It could occur on x86 platform, while servicing I/O APIC requests with larger vcpu_id.


A guest user/process could use this flaw to crash the host kernel resulting in DoS or it could potentially be used to escalate privileges on a host.


Upstream patch:
---------------
  -> https://git.kernel.org/linus/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1400804

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
=============================================================
Comment 1 Marcus Meissner 2016-12-02 15:37:56 UTC 
the introducer, af1bae5497b9, seems quite fresh , 4.8 kernel or so.
Comment 3 Joerg Roedel 2016-12-09 13:41:22 UTC 
Assigning back.
Comment 4 Marcus Meissner 2016-12-09 13:59:24 UTC 
closing
First Last Prev Next    This bug is not in your last search results.