CLD-49 Details

Other IDs this deficiency may be known by:

CVE ID: CVE-2017-1000252 (references: nvd, mitre, debian, archlinux, red hat, suse, ubuntu)
Other ID(s)

Basic Information:

Affected Package(s): linux
Deficiency Type: SECURITY
Date Created: 2017-09-22 10:57:55
Date Last Modified: 2017-10-05 09:21:33

Version Specific Information:

Cucumber 1.0 i686 fixed in linux-4.9.53-i686-1
Cucumber 1.0 x86_64 fixed in linux-4.9.53-x86_64-1

Cucumber 1.1 i686 fixed in linux-4.9.53-i686-1
Cucumber 1.1 x86_64 fixed in linux-4.9.53-x86_64-1

Details:

We have discovered a user-triggerable BUG() when using KVM with posted interrupts on Intel
systems. This requires an unprivileged user to have access to the KVM device.

Certain values in a KVM_IRQFD API call can trigger a BUG_ON() at a later point in
vmx_update_pi_irte(). KVM as a whole seems to hang after that.

The issue was introduced with Linux 4.4; patches have been posted to the KVM
mailing list:
- https://marc.info/?l=kvm&m=150549145711115&w=2
- https://marc.info/?l=kvm&m=150549146311117&w=2
(From http://seclists.org/oss-sec/2017/q3/465)

This has been fixed in the mainline kernel by commit
3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb. As of Fri Sep 22 11:20:08 EDT 2017,
this patch has yet to be applied to the 4.9 stable kernel tree.