Bug 828015 - (CVE-2013-1935) VUL-1: CVE-2013-1935: kernel: kvm: pv_eoi guest updates with interrupts disabled
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Hardware: Other Other
Priority: P3 - Medium, Severity: Major
Assigned To: Bruce Rogers
Security Team bot
Depends on:
Reported: 2013-07-03 15:53 UTC by Marcus Meissner
Modified: 2015-03-05 16:29 UTC (History)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Marcus Meissner 2013-07-03 15:53:41 UTC
Is public, via RH bugzilla.

A bug has been found in the way guest pv_eoi updates were handled before entering the guests. Upon synchronizing LAPIC to the guest's VAPIC, kvm_write_guest_cached() (and thus copy_to_user()) could be called with interrupts disabled.

A local unprivileged user in the guest could potentially use this flaw to crash the host.
Comment 1 Marcus Meissner 2013-07-03 15:54:21 UTC
(I have a hard time identifying the fix in the mainline kernel. Other references to that CVE were so far not helpful.)
Comment 2 Swamp Workflow Management 2013-07-03 22:00:48 UTC
bugbot adjusting priority
Comment 3 Bruce Rogers 2013-07-08 20:59:52 UTC
Neither SLE11 SP2 nor SLE11 SP3 are affected, since PV EOI support is not present in the kernels of either of those releases.

The only openSUSE release affected would be 12.3, since the PV EOI code was added in v3.6 and 12.3 has v3.7, and the security issue was discovered well after that kernel release.

I too am having an issue identifying the fix. Still working on it...
Comment 4 Marcus Meissner 2015-03-05 16:29:38 UTC
As 12.3 is EOLed, I think we can close now.