Date:   Fri, 17 Jun 2022 16:28:39 +0000
From:   Sean Christopherson <seanjc@...gle.com>
To:     Red Hat Product Security <secalert@...hat.com>
Cc:     mingo@...hat.com, bp@...en8.de, pgn@....edu.cn,
        pbonzini@...hat.com, wanpengli@...cent.com, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, tglx@...utronix.de,
        kangel@....edu.cn, syzkaller@...glegroups.com, jmattson@...gle.com,
        vkuznets@...hat.com, dave.hansen@...ux.intel.com,
        linux-sgx@...r.kernel.org, jarkko@...nel.org, joro@...tes.org,
        hpa@...or.com
Subject: Re: 'WARNING in vcpu_enter_guest' bug in arch/x86/kvm/x86.c:9877

On Fri, Jun 17, 2022, Red Hat Product Security wrote:
> Hello!
> 
> INC2131147 ('WARNING in vcpu_enter_guest' bug in arch/x86/kvm/x86.c:9877) is pending your review.
> 
> Opened for: pgn@....edu.cn
> Followers: Paolo Bonzini, seanjc@...gle.com, Vitaly Kuznetsov, wanpengli@...cent.com, jmattson@...gle.com, joro@...tes.org, tglx@...utronix.de, Ingo Molnar, bp@...en8.de, dave.hansen@...ux.intel.com, hpa@...or.com, jarkko@...nel.org, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, linux-sgx@...r.kernel.org, kangel@....edu.cn, syzkaller@...glegroups.com
> 
> Mauro Matteo Cascella updated your request with the following comments:
> 
> Hi Sean,
>  Thanks for the fix: https://github.com/torvalds/linux/commit/423ecfea77dda83823c71b0fad1c2ddb2af1e5fc.
> Is this CVE worthy? As /dev/kvm is world accessible and unprivileged users could trigger the bug IIUC. We (Red Hat) can assign one if needed.

IMO, it's not CVE worthy.  Unprivileged users can trigger the bug, but the bug
itself is not harmful to the system at large, only to that user's VM/workload.
The splat is a WARN_ON_ONCE() so it won't spam the kernel log.  panic_on_warn
would be problematic, but assigning a CVE for every WARN seems excessive.
