Date: Mon, 18 Feb 2019 16:53:06 +0100
From: Jann Horn <>
Cc: Felix Wilhelm <>
Subject: Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)

Three vulnerabilities were recently fixed in KVM-related code; two
found by Felix Wilhelm, one by me:

KVM: uninitialized memory leak in kvm_inject_page_fault
guest-reachable, requires nested virtualization support

KVM: use-after-free using emulated vmx preemption timer
guest-reachable, requires nested virtualization support

Linux: kvm_ioctl_create_device() installs fd before taking reference
reachable only by host userspace with access to /dev/kvm

These are all fixed in the following stable releases:
