Описание
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
A flaw was found in the Linux kernel’s KVM implementation, where improper handing of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
Отчет
Both Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 leverage udev to set the proper permissions (ugo=rw) of the /dev/kvm device, making it accessible to all users. It is worth noting that while the KVM rule is part of the main udev package in Red Hat Enterprise Linux 8, the same rule is shipped with the qemu-kvm package in Red Hat Enterprise Linux 7. In other words, Red Hat Enterprise Linux 7 does not expose /dev/kvm to unprivileged users by default, as long as the qemu-kvm package is not installed.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | kernel-alt | Affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 Extended Lifecycle Support | kernel | Fixed | RHSA-2022:5640 | 19.07.2022 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2021:3802 | 12.10.2021 |
| Red Hat Enterprise Linux 7 | kpatch-patch | Fixed | RHSA-2021:3768 | 12.10.2021 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2021:3801 | 12.10.2021 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | kernel | Fixed | RHSA-2021:3767 | 12.10.2021 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | kernel | Fixed | RHSA-2021:3766 | 12.10.2021 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | kernel | Fixed | RHSA-2021:3725 | 05.10.2021 |
| Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | kernel | Fixed | RHSA-2021:3812 | 12.10.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
An issue was discovered in Linux: KVM through Improper handling of VM_ ...
Уязвимость операционной системы Linux вызвана переполнением буфера, позволяющая нарушителю выполнить произвольную команду управления
Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP2)
EPSS
7 High
CVSS3