Other IDs this deficiency may be known by:
|Date Last Modified
Version Specific Information:
|Cucumber 1.0 i686||fixed in linux-4.9.69-i686-1 |
|Cucumber 1.0 x86_64||fixed in linux-4.9.69-x86_64-1 |
|Cucumber 1.1 i686||fixed in linux-4.9.69-i686-1 |
|Cucumber 1.1 x86_64||fixed in linux-4.9.69-x86_64-1 |
=================================== Overview ===================================
Linux kernel versions 2.6.32 and later are affected by a denial of service: by
flooding the diagnostic port 0x80, an exception can be triggered, leading to a
================================ Initial Report ================================
From Kernel.org (https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.69):
KVM allows guests to directly access I/O port 0x80 on Intel hosts. If the
guest floods this port with writes it generates exceptions and instability in
the host kernel, leading to a crash. With this change guest writes to port
0x80 on Intel will behave the same as they currently behave on AMD systems.
Prevent the flooding by removing the code that sets port 0x80 as a passthrough
port. This is essentially the same as upstream patch
99f85a28a78e96d28907fe036e1671a218fee597, except that patch was for AMD
chipsets and this patch is for Intel.
================================= Our Analysis =================================
----- Affected Products -----
Versions of the 4.9 Linux kernel series prior to 4.9.69 are vulnerable to this.
----- Scope and Impact of this Vulnerability -----
This vulnerability allows a guest VM to cause a denial of service (kernel
----- Fix for this Vulnerability -----
This vulnerability can be fixed by upgrading to Linux 4.9.69 or applying the
================================= Our Solution =================================
We have upgraded to Linux 4.9.69.
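
The following is an added example, not part of the original advisory or of any vendor tooling: a shell check that classifies a kernel release string against the affected range stated above (4.9 series prior to 4.9.69) and reports whether the Intel KVM module is present on the host. The function names, the SYSFS_ROOT override and the sample release strings are constructed for illustration; it assumes /sys/module/kvm_intel exists when the kvm_intel module is loaded.

```shell
#!/bin/sh
# Added example. Affected range taken from the advisory: 4.9 series before 4.9.69.
FIXED_PATCH=69

# classify_release RELEASE
# Prints: affected | fixed | not-covered (other series, or unparsable input)
classify_release() {
    rel=$1
    # Keep the leading numeric version: "4.9.68-i686-1" -> "4.9.68"
    ver=${rel%%[!0-9.]*}
    if [ -z "$ver" ]; then echo "not-covered"; return 0; fi
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split on dots into major, minor, patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -ne 4 ] || [ "$minor" -ne 9 ]; then
        echo "not-covered"          # the advisory names no fixed release for this series
    elif [ "$patch" -lt "$FIXED_PATCH" ]; then
        echo "affected"
    else
        echo "fixed"
    fi
}

# host_status
# Combines the running kernel's classification with kvm_intel presence.
# Assumption: the module directory exists in sysfs when kvm_intel is loaded.
# SYSFS_ROOT is a hypothetical override so the check can be exercised offline.
host_status() {
    state=$(classify_release "$(uname -r)")
    if [ -d "${SYSFS_ROOT:-/sys}/module/kvm_intel" ]; then
        echo "$state kvm_intel-present"
    else
        echo "$state kvm_intel-absent"
    fi
}

# Constructed sample release strings, followed by the local host.
for sample in 4.9.68-i686-1 4.9.69-x86_64-1 4.9 4.14.5 unknown; do
    echo "$sample: $(classify_release "$sample")"
done
echo "this host: $(host_status)"
```

A result of "not-covered" means only that this advisory gives no fixed release for that kernel series, not that the kernel is unaffected.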