[v2.6] kernel: kvm: x86: don't report guest userspace emulation error to userspace (CVE-2014-7842)
It was found that reporting emulation failures to user space can lead to either local or L2->L1 DoS.
In the case of a local DoS, the attacker needs access to an MMIO area or must be able to generate port access. Note that on certain systems the HPET is mapped to userspace as part of the vdso (vvar), and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way.
Fixed in 3.10.61 and 3.14.25.
COMMITS:
Upstream:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a
3.14.y:
https://github.com/torvalds/linux/commit/d8af79d3cb4a181d3265b1419e63828d2487b3df
3.10.y:
https://github.com/torvalds/linux/commit/c75f394964bc21d0b890bd62ead90ff51b3e1e72
References:
http://seclists.org/oss-sec/2014/q4/605
https://bugzilla.redhat.com/show_bug.cgi?id=1163762
(from redmine: issue id 3568, created on 2014-11-25, closed on 2017-09-05)
- Relations:
- parent #3567