Bug 828015 - (CVE-2013-1935) VUL-1: CVE-2013-1935: kernel: kvm: pv_eoi guest updates with interrupts disabled
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Major
Target Milestone: ---
Assigned To: Bruce Rogers
QA Contact: Security Team bot
Reported: 2013-07-03 15:53 UTC by Marcus Meissner
Modified: 2015-03-05 16:29 UTC (History)
Description Marcus Meissner 2013-07-03 15:53:41 UTC
Is public, via RH bugzilla.

CVE-2013-1935

https://bugzilla.redhat.com/show_bug.cgi?id=949981

A bug has been found in the way guest pv_eoi updates were handled before entering the guests. Upon synchronizing LAPIC to the guest's VAPIC, kvm_write_guest_cached() (and thus copy_to_user()) could be called with interrupts disabled.

A local unprivileged user in the guest could potentially use this flaw to crash the host.
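The description above is the whole technical content of this report: a function that may page-fault and sleep (copy_to_user() via kvm_write_guest_cached()) was reachable inside the interrupts-off window before guest entry. The following is an added, constructed C model of that bug class and of the check that catches it; it is not kernel code, not the upstream fix (which this page does not identify), and every name in it (write_guest_cached_model, may_sleep_here, sync_pv_eoi_vulnerable_order, sync_pv_eoi_safe_order, the irq depth counter) is a hypothetical stand-in. The "safe" ordering only illustrates the principle that sleeping work must complete before interrupts are disabled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not kernel code: a per-CPU "interrupts disabled" depth
 * standing in for the real irq state, plus a counter of detected violations. */
static int irq_disable_depth = 0;
static int atomic_sleep_violations = 0;
static unsigned char guest_page[64];   /* constructed stand-in for a guest page */

static void local_irq_disable_model(void) { irq_disable_depth++; }
static void local_irq_enable_model(void) { if (irq_disable_depth > 0) irq_disable_depth--; }
static bool irqs_disabled_model(void) { return irq_disable_depth > 0; }

/* Modelled on the kernel's might_sleep() check: a function that can fault in
 * user memory must not run with interrupts disabled.  Instead of a WARN splat
 * this records the violation and reports failure to the caller. */
static bool may_sleep_here(const char *caller)
{
    if (irqs_disabled_model()) {
        atomic_sleep_violations++;
        fprintf(stderr, "BUG: sleeping function %s called with irqs disabled\n", caller);
        return false;
    }
    return true;
}

/* Model of kvm_write_guest_cached() -> copy_to_user(): the write may page-fault
 * and sleep, so it is only legal in a context that is allowed to sleep. */
static int write_guest_cached_model(size_t off, unsigned char val)
{
    if (!may_sleep_here("write_guest_cached_model"))
        return -1;
    if (off >= sizeof guest_page)
        return -1;
    guest_page[off] = val;
    return 0;
}

/* The ordering the report describes: the pv_eoi flag is synchronised to guest
 * memory inside the interrupts-off window that precedes guest entry. */
int sync_pv_eoi_vulnerable_order(unsigned char pending)
{
    int rc;
    local_irq_disable_model();
    rc = write_guest_cached_model(0, pending);   /* may sleep, irqs are off */
    local_irq_enable_model();
    return rc;
}

/* One safe ordering (illustration of the principle only): the guest-memory
 * write happens while sleeping is still allowed, and only non-sleeping work
 * remains inside the interrupts-off window. */
int sync_pv_eoi_safe_order(unsigned char pending)
{
    int rc = write_guest_cached_model(0, pending);
    local_irq_disable_model();
    /* non-sleeping guest-entry work would go here */
    local_irq_enable_model();
    return rc;
}

int atomic_sleep_violation_count(void) { return atomic_sleep_violations; }
int guest_pv_eoi_flag(void) { return guest_page[0]; }

int main(void)
{
    memset(guest_page, 0, sizeof guest_page);
    int rc_bad = sync_pv_eoi_vulnerable_order(1);
    printf("vulnerable order: rc=%d, violations=%d, flag=%d\n",
           rc_bad, atomic_sleep_violation_count(), guest_pv_eoi_flag());
    int rc_ok = sync_pv_eoi_safe_order(1);
    printf("safe order: rc=%d, violations=%d, flag=%d\n",
           rc_ok, atomic_sleep_violation_count(), guest_pv_eoi_flag());
    return 0;
}
```

In the model the vulnerable ordering is rejected by the sleep check and the guest flag is never written, while the safe ordering writes the flag with no violation recorded; in a real kernel the corresponding check is the might_sleep() machinery behind CONFIG_DEBUG_ATOMIC_SLEEP, which is why enabling it on test hosts surfaces this class of bug as a warning rather than as a crash under load.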
Comment 1 Marcus Meissner 2013-07-03 15:54:21 UTC
(I have a hard time identifying the fix in the mainline kernel. Other references to that CVE were so far not helpful.)
Comment 2 Swamp Workflow Management 2013-07-03 22:00:48 UTC
bugbot adjusting priority
Comment 3 Bruce Rogers 2013-07-08 20:59:52 UTC
Neither SLE11 SP2 nor SLE11 SP3 are affected, since PV EOI support is not present in the kernels of either of those releases.

The only openSUSE release affected would be 12.3, since the PV EOI code was added in v3.6 and 12.3 has v3.7, and the security issue was discovered well after that kernel release.

I too am having an issue identifying the fix. Still working on it...
Comment 4 Marcus Meissner 2015-03-05 16:29:38 UTC
As 12.3 is EOLed, I think we can close now.