CVE-2018-12904 CrOS: Vulnerability reported in Linux kernel
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2018-12904
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-12904
CVSS severity score: 4.4/10.0

Description: In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Aug 28
Upstream commit is 727ba748e("kvm: nVMX: Enforce cpl=0 for VMX instructions").
This commit is present in v4.14. Older kernels do not have this commit.
The fixes tag for the commit is 70f3aac("kvm: nVMX: Remove superfluous VMX instruction fault checks"), which is not present in 4.4. Marking as WontFix.
Aug 28
Fixed in chromeos-4.14 with merge of v4.14.50. The offending patch is commit 70f3aac964ae("kvm: nVMX: Remove superfluous VMX instruction fault checks"), which is not present in v4.4.y. chromeos-4.4 and earlier kernels are thus presumably not affected by this problem.
Note that this does not mean that chromeos-4.4 is safe for use in this scenario; the L1TF backport to v4.4.y does not include kvm changes.
Aug 28
Comment 1 by dgreid@google.com, Aug 28
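The triage reasoning in the comments above (a branch is exposed to this bug only if it carries the offending commit without the fix) can be scripted as below. This is an added example, not part of the issue thread or of any Chrome OS tooling; it matches on commit subjects because stable backports get new hashes, and the function names and verdict strings are assumptions.

```shell
#!/bin/sh
# Commit subjects as quoted in the issue comments.
INTRODUCED='kvm: nVMX: Remove superfluous VMX instruction fault checks'
FIXED='kvm: nVMX: Enforce cpl=0 for VMX instructions'

# classify_subjects: read commit subjects (one per line) on stdin, print one of
#   not-affected  offending commit absent, fix absent
#   affected      offending commit present, fix absent
#   fixed         offending commit and fix both present
#   fix-only      fix present without the offending commit (inspect by hand)
classify_subjects() {
    awk -v intro="$INTRODUCED" -v fix="$FIXED" '
        $0 == intro { has_intro = 1 }
        $0 == fix   { has_fix = 1 }
        END {
            if (has_intro && has_fix) print "fixed"
            else if (has_intro)       print "affected"
            else if (has_fix)         print "fix-only"
            else                      print "not-affected"
        }'
}

# classify_ref REPO REF: verdict for a branch or tag in a local kernel clone.
# Assumes the tree still uses the path named in the CVE description.
classify_ref() {
    git -C "$1" log --format=%s "$2" -- arch/x86/kvm/vmx.c | classify_subjects
}

# Constructed subject lists standing in for `git log` output of three branches.
demo() {
    printf 'old branch:     '
    printf '%s\n' 'KVM: x86: unrelated change (constructed)' | classify_subjects
    printf 'unfixed branch: '
    printf '%s\n' "$INTRODUCED" 'KVM: x86: unrelated change (constructed)' | classify_subjects
    printf 'merged branch:  '
    printf '%s\n' "$FIXED" "$INTRODUCED" | classify_subjects
}
demo
```

A `not-affected` verdict covers only this CVE; as the last comment notes, it says nothing about other KVM fixes a branch may lack.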