First published: Sat Feb 02 2019(Updated: )
A use after free issue was found in the way Linux kernel's KVM hypervisor emulates a preemption timer for L2 guest when nested(=1) virtualization is enabled. This high resolution timer(hrtimer) runs when L2 guest is active. After VM exit, in sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is free'd before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in DoS OR potentially gain privileged access to a system. It affects only Intel processors and only when nested virtualization is enabled. Upstream patch: --------------- -> <a href="https://git.kernel.org/linus/ecec76885bcfe3294685dc363fd1273df0d5d65f">https://git.kernel.org/linus/ecec76885bcfe3294685dc363fd1273df0d5d65f</a> Reference: ---------- -> <a href="https://www.openwall.com/lists/oss-security/2019/02/18/2">https://www.openwall.com/lists/oss-security/2019/02/18/2</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <=4.20.5 | |
openSUSE Leap | =15.0 | |
Fedoraproject Fedora | =28 | |
Fedoraproject Fedora | =29 | |
Debian Debian Linux | =8.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Netapp Active Iq Performance Analytics Services | ||
Netapp Element Software Management Node | ||
Redhat Openshift Container Platform | =3.11 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =7.6 | |
Redhat Enterprise Linux Server Eus | =7.6 | |
Redhat Enterprise Linux Server Tus | =7.6 | |
Redhat Enterprise Linux Workstation | =7.0 | |
ubuntu/linux | <4.15.0-47.50 | 4.15.0-47.50 |
ubuntu/linux | <4.18.0-17.18 | 4.18.0-17.18 |
ubuntu/linux | <5.0~ | 5.0~ |
ubuntu/linux | <4.4.0-145.171 | 4.4.0-145.171 |
ubuntu/linux-aws | <4.15.0-1035.37 | 4.15.0-1035.37 |
ubuntu/linux-aws | <4.18.0-1012.14 | 4.18.0-1012.14 |
ubuntu/linux-aws | <4.4.0-1040.43 | 4.4.0-1040.43 |
ubuntu/linux-aws | <5.0~ | 5.0~ |
ubuntu/linux-aws | <4.4.0-1079.89 | 4.4.0-1079.89 |
ubuntu/linux-aws-hwe | <5.0~ | 5.0~ |
ubuntu/linux-aws-hwe | <4.15.0-1035.37~16.04.1 | 4.15.0-1035.37~16.04.1 |
ubuntu/linux-azure | <4.18.0-1014.14~18.04.1 | 4.18.0-1014.14~18.04.1 |
ubuntu/linux-azure | <4.18.0-1014.14 | 4.18.0-1014.14 |
ubuntu/linux-azure | <4.15.0-1041.45~14.04.1 | 4.15.0-1041.45~14.04.1 |
ubuntu/linux-azure | <5.0~ | 5.0~ |
ubuntu/linux-azure | <4.15.0-1041.45 | 4.15.0-1041.45 |
ubuntu/linux-azure-edge | <4.18.0-1014.14~18.04.1 | 4.18.0-1014.14~18.04.1 |
ubuntu/linux-azure-edge | <5.0~ | 5.0~ |
ubuntu/linux-azure-edge | <4.15.0-1041.45 | 4.15.0-1041.45 |
ubuntu/linux-euclid | <5.0~ | 5.0~ |
ubuntu/linux-flo | <5.0~ | 5.0~ |
ubuntu/linux-gcp | <4.15.0-1029.31 | 4.15.0-1029.31 |
ubuntu/linux-gcp | <4.18.0-1008.9 | 4.18.0-1008.9 |
ubuntu/linux-gcp | <5.0~ | 5.0~ |
ubuntu/linux-gcp | <4.15.0-1029.31~16.04.1 | 4.15.0-1029.31~16.04.1 |
ubuntu/linux-gcp-edge | <4.18.0-1008.9~18.04.1 | 4.18.0-1008.9~18.04.1 |
ubuntu/linux-gcp-edge | <5.0~ | 5.0~ |
ubuntu/linux-gke | <5.0~ | 5.0~ |
ubuntu/linux-goldfish | <5.0~ | 5.0~ |
ubuntu/linux-grouper | <5.0~ | 5.0~ |
ubuntu/linux-hwe | <4.18.0-17.18~18.04.1 | 4.18.0-17.18~18.04.1 |
ubuntu/linux-hwe | <5.0~ | 5.0~ |
ubuntu/linux-hwe | <4.15.0-47.50~16.04.1 | 4.15.0-47.50~16.04.1 |
ubuntu/linux-hwe-edge | <5.0~ | 5.0~ |
ubuntu/linux-hwe-edge | <4.15.0-47.50~16.04.1 | 4.15.0-47.50~16.04.1 |
ubuntu/linux-kvm | <4.15.0-1031.31 | 4.15.0-1031.31 |
ubuntu/linux-kvm | <4.18.0-1009.9 | 4.18.0-1009.9 |
ubuntu/linux-kvm | <5.0~ | 5.0~ |
ubuntu/linux-kvm | <4.4.0-1043.49 | 4.4.0-1043.49 |
ubuntu/linux-lts-trusty | <5.0~ | 5.0~ |
ubuntu/linux-lts-utopic | <5.0~ | 5.0~ |
ubuntu/linux-lts-vivid | <5.0~ | 5.0~ |
ubuntu/linux-lts-wily | <5.0~ | 5.0~ |
ubuntu/linux-lts-xenial | <4.4.0-144.170~14.04.1 | 4.4.0-144.170~14.04.1 |
ubuntu/linux-lts-xenial | <5.0~ | 5.0~ |
ubuntu/linux-maguro | <5.0~ | 5.0~ |
ubuntu/linux-mako | <5.0~ | 5.0~ |
ubuntu/linux-manta | <5.0~ | 5.0~ |
ubuntu/linux-oem | <4.15.0-1035.40 | 4.15.0-1035.40 |
ubuntu/linux-oem | <4.15.0-1035.40 | 4.15.0-1035.40 |
ubuntu/linux-oem | <5.0~ | 5.0~ |
ubuntu/linux-oracle | <4.15.0-1010.12 | 4.15.0-1010.12 |
ubuntu/linux-oracle | <4.15.0-1010.12 | 4.15.0-1010.12 |
ubuntu/linux-oracle | <5.0~ | 5.0~ |
ubuntu/linux-oracle | <4.15.0-1010.12~16.04.1 | 4.15.0-1010.12~16.04.1 |
ubuntu/linux-raspi2 | <4.15.0-1033.35 | 4.15.0-1033.35 |
ubuntu/linux-raspi2 | <4.18.0-1011.13 | 4.18.0-1011.13 |
ubuntu/linux-raspi2 | <5.0~ | 5.0~ |
ubuntu/linux-raspi2 | <4.4.0-1106.114 | 4.4.0-1106.114 |
ubuntu/linux-snapdragon | <4.15.0-1053.57 | 4.15.0-1053.57 |
ubuntu/linux-snapdragon | <5.0~ | 5.0~ |
ubuntu/linux-snapdragon | <4.4.0-1110.115 | 4.4.0-1110.115 |
debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)