[security-announce] Kernel-kvm: Security update

Sona Sarmadi sona.sarmadi at enea.com
Thu Jan 22 18:08:20 CET 2015


			Enea Linux Security Advisory


kernel: kvm: fix excessive pages un-pinning in kvm_iommu_map error path.

======================================================================
Product/package: Kernel-kvm: (FSL kernel: 3.8.11)
Severity: Moderate
Issue date: 2015-01-22
CVE Names: CVE-2014-8369
Layer: meta-enea
======================================================================
A security patch that fixes CVE-2014-8369 is now available in the
"http://linux.enea.com/4.0/patches" folder:

Patch file: 0020-kvm-iommu-CVE-2014-8369.patch

Description
===========
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the
Linux kernel through 3.17.2 miscalculates the number of pages
during the handling of a mapping failure, which allows guest
OS users to cause a denial of service (host OS page unpinning)
or possibly have unspecified other impact by leveraging guest
OS privileges.

NOTE: this vulnerability exists because of an incorrect fix
for CVE-2014-3601.
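
To make the miscalculation concrete, the following user-space C model (an added illustration, not the kernel source and not the Enea patch) compares an error path that passes the failing guest frame number where a page count is expected with one that passes the number of pages pinned so far. The names put_pages, map_pages and wrongly_unpinned, the 64-page host and the slot values are all constructed for this model.

```c
#include <stdio.h>
#include <string.h>

#define HOST_PAGES 64               /* constructed: size of the toy host */
static int pin_count[HOST_PAGES];   /* toy model: gfn indexes host pages directly */
struct slot { unsigned long base_gfn, npages; };

/* Drop one pin reference on npages pages starting at base_gfn
 * (clamped to the toy host so the model itself stays in bounds). */
static void put_pages(unsigned long base_gfn, unsigned long npages)
{
    for (unsigned long g = base_gfn; g < base_gfn + npages && g < HOST_PAGES; g++)
        pin_count[g]--;
}

/* Pin the slot page by page; the mapping step fails at fail_gfn. */
static int map_pages(const struct slot *s, unsigned long fail_gfn, int fixed)
{
    unsigned long gfn = s->base_gfn, end = s->base_gfn + s->npages;
    for (; gfn < end; gfn++) {
        if (gfn == fail_gfn)
            goto unmap_pages;
        pin_count[gfn]++;
    }
    return 0;
unmap_pages:
    /* Second argument is a page count: flawed = absolute gfn, fixed = pages pinned so far. */
    put_pages(s->base_gfn, fixed ? gfn - s->base_gfn : gfn);
    return -1;
}

/* Number of pages whose pin count is wrong after the failed mapping is unwound. */
static int wrongly_unpinned(int fixed)
{
    struct slot s = { 32, 8 };          /* constructed slot: gfn 32..39 */
    int bad = 0;
    memset(pin_count, 0, sizeof pin_count);
    for (int g = 40; g < HOST_PAGES; g++)
        pin_count[g] = 1;               /* pins held outside the slot */
    map_pages(&s, 36, fixed);           /* mapping fails at gfn 36 */
    for (int g = 0; g < HOST_PAGES; g++)
        bad += pin_count[g] != (g >= 40);
    return bad;
}

int main(void)
{
    printf("flawed: %d, fixed: %d\n", wrongly_unpinned(0), wrongly_unpinned(1));
    return 0;
}
```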

Reference
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369

How to apply the patches
=========================
If you have not yet installed the Enea Linux 4.0 Release:

# wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
# tar zxvf Enea-Linux-4.0.tar.gz

If you have already installed the Enea Linux 4.0 Release:

# cd Enea-Linux-4.0/poky/meta-enea
# wget http://linux.enea.com/4.0/patches/0020-kvm-iommu-CVE-2014-8369.patch
# patch -p1 < ./0020-kvm-iommu-CVE-2014-8369.patch


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

ESRT (Enea Security Response Team)
Sona Sarmadi
Software Engineer/Security Responsible for Enea Linux
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.



