Bugzilla – Bug 828015
VUL-1: CVE-2013-1935: kernel: kvm: pv_eoi guest updates with interrupts disabled
Last modified: 2015-03-05 16:29:38 UTC
is public, via RH bugzilla
A bug has been found in the way guest pv_eoi updates were handled before entering the guests. Upon synchronizing LAPIC to the guest's VAPIC, kvm_write_guest_cached() (and thus copy_to_user()) could be called with interrupts disabled.
A local unprivileged user in the guest could potentially use this flaw to crash the host.
(I have a hard time identifying the fix in mainline kernel. other references of that CVE were so far not helpful)
bugbot adjusting priority
Neither SLE11 SP2 nor SLE11 SP3 are affected, since PV EOI support is not present in the kernels of either of those releases.
The only openSUSE release affected would be 12.3, since the PV EOI code was added in v3.6 and 12.3 has v3.7, and the security issue was discovered well after that kernel release.
I too am having an issue identifying the fix. Still working on it...
as 12.3 is EOLed, I think we can close now.