SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Linux)  >   Linux Kernel Vendors:   kernel.org
Linux Kernel Use-After-Free Memory Error in complete_emulated_mmio() Lets Local Users on a Guest System Cause Denial of Service Conditions on the Host System
SecurityTracker Alert ID:  1037603
SecurityTracker URL:  http://securitytracker.com/id/1037603
CVE Reference:   CVE-2017-2584   (Links to External Site)
Date:  Jan 17 2017
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the Linux kernel. A local user on the guest system can cause denial of service conditions on the host system.

A local user on the guest system can trigger a use-after-free memory error in complete_emulated_mmio() and cause the host system to crash.

x86 platforms are affected.

Impact:   A local user on the guest system can cause the host system to crash.
Solution:   A proposed patch is available at:

https://www.spinics.net/lists/kvm/msg143571.html

Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  [oss-security] CVE-2017-2584 Kernel: kvm: use after free in complete_emulated_mmio

   Hello,

Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support 
is vulnerable to a use after free flaw. It could occur on x86 platform, when 
emulating instructions fxsave, fxrstor, sgdt, etc.

A user/process could use this flaw to crash the host kernel resulting in DoS.

Upstream patch:
---------------
   -> https://www.spinics.net/lists/kvm/msg143571.html

Reference:
----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1413001

'CVE-2017-2584' is assigned to this issue by Red Hat Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC