oss-sec mailing list archives

Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push

From: Qiuhao Li <qiuhao () sysec org>
Date: Thu, 7 Apr 2022 17:16:26 +0800

On 4/7/22 16:35, Solar Designer wrote:

Further in the linux-distros thread, this got assigned CVE-2022-1263,
however is this really a security issue - in other words, is a security
boundary crossed in triggering the bug?  I think it is not, and if so
the CVE ID should probably be rejected.  From the PoC:

                res = syscall(__NR_openat, 0xffffffffffffff9cul, "/dev/kvm", 0ul, 0ul);


We sent the report to oss-security as instructed by linux-distro.

As Paolo said, /dev/kvm can be accessed by an unprivileged local user.So it's a Dos. It also seems like there is a kernel NPD issue on ossbefore: https://www.openwall.com/lists/oss-security/2022/04/02/5


In fact, also in the linux-distros thread it was promptly agreed that
this doesn't need an embargo - perhaps precisely because of no security
relevance?  If so, that should have been said explicitly, so a CVE ID
wouldn't be assigned (it was by another person).

We are willing to cooperate with the final decision of the CVE issuerand oss-security.

Personally, I agree with Paolo this is not a scary bug. No embargo makesit be fixed quickly.


Regards,
  Qiuhao Li

Current thread:

Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push kangel (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Solar Designer (Apr 07)
  - Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Paolo Bonzini (Apr 07)
    - Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Solar Designer (Apr 07)
  - Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Qiuhao Li (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Qiuhao Li (Apr 07)