[v2.7] kernel: virt/kvm/iommu.c: excessive pages un-pinning in kvm_iommu_map error path (CVE-2014-8369, CVE-2014-3610, CVE-2014-3611, CVE-2014-3647)
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.
CVSS Version 2 Metrics:
Access Vector: Locally exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
Fixed in 3.14.24. Accordingly, Alpine Linux v3.0 kernel 3.14.22 should be upgraded or patched (see the commit below).
3.10.y for Alpine Linux v2.6 and v2.7 should be checked to see whether it is vulnerable. No commits have been cherry-picked into this branch from upstream at the moment.
References:
CONFIRM:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
CONFIRM:
https://github.com/torvalds/linux/commit/3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
COMMIT (linux-3.14.y):
https://github.com/torvalds/linux/commit/8c373cfce6904feccca7ccf2a61e236db56dedf4
(from redmine: issue id 3553, created on 2014-11-25, closed on 2017-09-05)
- Relations:
- parent #3551
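
The miscalculation described above, as an added userspace model that is not kernel code and not part of the original issue. It assumes, based on the upstream fix commit referenced above, that the error path passed the mapping size in bytes where a number of pages was expected; `pin_pages`, `unpin_pages`, `failed_map_damage` and the toy `pin_count` array are hypothetical names.

```c
#include <stdio.h>
#include <stddef.h>

#define PAGE_SHIFT 12
#define HOST_PAGES 8192            /* constructed toy "host memory" */

static int pin_count[HOST_PAGES];  /* pin references held on each page */

/* Toy helpers: the count argument is a number of pages, not bytes. */
static void pin_pages(size_t pfn, size_t npages)
{
    for (size_t i = 0; i < npages && pfn + i < HOST_PAGES; i++)
        pin_count[pfn + i]++;
}

static void unpin_pages(size_t pfn, size_t npages)
{
    for (size_t i = 0; i < npages && pfn + i < HOST_PAGES; i++)
        pin_count[pfn + i]--;
}

/* Model one failed mapping of page_size bytes starting at pfn.
 * fixed == 0: cleanup passes the size in bytes (assumed buggy form).
 * fixed == 1: cleanup passes page_size >> PAGE_SHIFT (pages).
 * Returns how many pages end with a pin count they should not have. */
size_t failed_map_damage(size_t pfn, size_t page_size, int fixed)
{
    size_t damaged = 0;

    /* Every page starts with one pin held by some other owner. */
    for (size_t i = 0; i < HOST_PAGES; i++)
        pin_count[i] = 1;

    pin_pages(pfn, page_size >> PAGE_SHIFT);
    /* ... the IOMMU mapping fails here, so the pins are released ... */
    unpin_pages(pfn, fixed ? page_size >> PAGE_SHIFT : page_size);

    for (size_t i = 0; i < HOST_PAGES; i++)
        if (pin_count[i] != 1)
            damaged++;
    return damaged;
}

int main(void)
{
    printf("bytes passed: %zu pages lose a pin\n", failed_map_damage(16, 4096, 0));
    printf("pages passed: %zu pages lose a pin\n", failed_map_damage(16, 4096, 1));
    return 0;
}
```

In the model, a single failed 4 KiB mapping releases pins on 4095 neighbouring pages that the failing call never pinned, which is the "host OS page unpinning" the description refers to.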