Описание
ELSA-2026-50170: Unbreakable Enterprise kernel bug fix update (NA)
[6.12.0-200.74.27.1]
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Sean Christopherson) [Orabug: 39071315]
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
kernel-uek
6.12.0-200.74.27.1.el10uek
kernel-uek-core
6.12.0-200.74.27.1.el10uek
kernel-uek-debug
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-core
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-devel
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-core
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-deprecated
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-desktop
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-extra
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-extra-netfilter
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-usb
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-wireless
6.12.0-200.74.27.1.el10uek
kernel-uek-devel
6.12.0-200.74.27.1.el10uek
kernel-uek-doc
6.12.0-200.74.27.1.el10uek
kernel-uek-modules
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-core
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-deprecated
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-desktop
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-extra
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-extra-netfilter
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-usb
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-wireless
6.12.0-200.74.27.1.el10uek
kernel-uek-tools
6.12.0-200.74.27.1.el10uek
kernel-uek64k
6.12.0-200.74.27.1.el10uek
kernel-uek64k-core
6.12.0-200.74.27.1.el10uek
kernel-uek64k-devel
6.12.0-200.74.27.1.el10uek
kernel-uek64k-modules
6.12.0-200.74.27.1.el10uek
kernel-uek64k-modules-core
6.12.0-200.74.27.1.el10uek
kernel-uek64k-modules-deprecated
6.12.0-200.74.27.1.el10uek
kernel-uek64k-modules-desktop
6.12.0-200.74.27.1.el10uek
kernel-uek64k-modules-extra
6.12.0-200.74.27.1.el10uek
kernel-uek64k-modules-extra-netfilter
6.12.0-200.74.27.1.el10uek
kernel-uek64k-modules-usb
6.12.0-200.74.27.1.el10uek
kernel-uek64k-modules-wireless
6.12.0-200.74.27.1.el10uek
Oracle Linux x86_64
kernel-uek
6.12.0-200.74.27.1.el10uek
kernel-uek-core
6.12.0-200.74.27.1.el10uek
kernel-uek-debug
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-core
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-devel
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-core
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-deprecated
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-desktop
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-extra
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-extra-netfilter
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-usb
6.12.0-200.74.27.1.el10uek
kernel-uek-debug-modules-wireless
6.12.0-200.74.27.1.el10uek
kernel-uek-devel
6.12.0-200.74.27.1.el10uek
kernel-uek-doc
6.12.0-200.74.27.1.el10uek
kernel-uek-modules
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-core
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-deprecated
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-desktop
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-extra
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-extra-netfilter
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-usb
6.12.0-200.74.27.1.el10uek
kernel-uek-modules-wireless
6.12.0-200.74.27.1.el10uek
kernel-uek-tools
6.12.0-200.74.27.1.el10uek
Oracle Linux 9
Oracle Linux aarch64
kernel-uek
6.12.0-200.74.27.1.el9uek
kernel-uek-core
6.12.0-200.74.27.1.el9uek
kernel-uek-debug
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-core
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-devel
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-core
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-deprecated
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-desktop
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-extra
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-extra-netfilter
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-usb
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-wireless
6.12.0-200.74.27.1.el9uek
kernel-uek-devel
6.12.0-200.74.27.1.el9uek
kernel-uek-doc
6.12.0-200.74.27.1.el9uek
kernel-uek-modules
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-core
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-deprecated
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-desktop
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-extra
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-extra-netfilter
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-usb
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-wireless
6.12.0-200.74.27.1.el9uek
kernel-uek-tools
6.12.0-200.74.27.1.el9uek
kernel-uek64k
6.12.0-200.74.27.1.el9uek
kernel-uek64k-core
6.12.0-200.74.27.1.el9uek
kernel-uek64k-devel
6.12.0-200.74.27.1.el9uek
kernel-uek64k-modules
6.12.0-200.74.27.1.el9uek
kernel-uek64k-modules-core
6.12.0-200.74.27.1.el9uek
kernel-uek64k-modules-deprecated
6.12.0-200.74.27.1.el9uek
kernel-uek64k-modules-desktop
6.12.0-200.74.27.1.el9uek
kernel-uek64k-modules-extra
6.12.0-200.74.27.1.el9uek
kernel-uek64k-modules-extra-netfilter
6.12.0-200.74.27.1.el9uek
kernel-uek64k-modules-usb
6.12.0-200.74.27.1.el9uek
kernel-uek64k-modules-wireless
6.12.0-200.74.27.1.el9uek
Oracle Linux x86_64
kernel-uek
6.12.0-200.74.27.1.el9uek
kernel-uek-core
6.12.0-200.74.27.1.el9uek
kernel-uek-debug
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-core
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-devel
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-core
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-deprecated
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-desktop
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-extra
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-extra-netfilter
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-usb
6.12.0-200.74.27.1.el9uek
kernel-uek-debug-modules-wireless
6.12.0-200.74.27.1.el9uek
kernel-uek-devel
6.12.0-200.74.27.1.el9uek
kernel-uek-doc
6.12.0-200.74.27.1.el9uek
kernel-uek-modules
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-core
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-deprecated
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-desktop
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-extra
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-extra-netfilter
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-usb
6.12.0-200.74.27.1.el9uek
kernel-uek-modules-wireless
6.12.0-200.74.27.1.el9uek
kernel-uek-tools
6.12.0-200.74.27.1.el9uek
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so *after* dropping/zapping the existing SPTE (if it's shadow-present). While commit a54aa15c6bda3 was right about it being impossible to convert a shadow-present SPTE to an MMIO SPTE due to a _guest_ write, it failed to account for writes to guest memory that are outside the scope of KVM. E.g. if host userspace modifies a shadowed gPTE to switch from a memslot to emulted MMIO and then the guest hits a relevant page fault, KVM will install the MMIO SPTE without first zapping the shadow-present SPTE. ------------[ cut here ]------------ is_shadow_present_pte(*sptep) WARNING: arch/x86/kvm/mmu/mmu.c:484 at mark_mmio_spte+0xb2/0xc0 [kvm], CPU#0: vmx_ept_stale_r/4292 Modules linked in: kvm_intel kvm irqbypass CPU: 0 UID: 1000 PID: 4292 Comm: vmx_ept_stale_r Not tainted 7.0.0-rc2-eafebd2d2ab0-sink-vm #31...
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so *after* dropping/zapping the existing SPTE (if it's shadow-present). While commit a54aa15c6bda3 was right about it being impossible to convert a shadow-present SPTE to an MMIO SPTE due to a _guest_ write, it failed to account for writes to guest memory that are outside the scope of KVM. E.g. if host userspace modifies a shadowed gPTE to switch from a memslot to emulted MMIO and then the guest hits a relevant page fault, KVM will install the MMIO SPTE without first zapping the shadow-present SPTE. ------------[ cut here ]------------ is_shadow_present_pte(*sptep) WARNING: arch/x86/kvm/mmu/mmu.c:484 at mark_mmio_spte+0xb2/0xc0 [kvm], CPU#0: vmx_ept_stale_r/4292 Modules linked in: kvm_intel kvm irqbypass CPU: 0 UID: 1000 PID: 4292 Comm: vmx_ept_stale_r Not tainted 7.0.0-rc2-eafebd2d2ab0-
KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE
In the Linux kernel, the following vulnerability has been resolved: K ...
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so *after* dropping/zapping the existing SPTE (if it's shadow-present). While commit a54aa15c6bda3 was right about it being impossible to convert a shadow-present SPTE to an MMIO SPTE due to a _guest_ write, it failed to account for writes to guest memory that are outside the scope of KVM. E.g. if host userspace modifies a shadowed gPTE to switch from a memslot to emulted MMIO and then the guest hits a relevant page fault, KVM will install the MMIO SPTE without first zapping the shadow-present SPTE. ------------[ cut here ]------------ is_shadow_present_pte(*sptep) WARNING: arch/x86/kvm/mmu/mmu.c:484 at mark_mmio_spte+0xb2/0xc0 [kvm], CPU#0: vmx_ept_stale_r/4292 Modules linked in: kvm_intel kvm irqbypass CPU: 0 UID: 1000 PID: 4292 Comm: vmx_ept_stale_r Not tainted 7.0.0-rc2-eafebd2d2a...