Assigner | Linux |
Reserved | 2024-03-06 |
Published | 2024-04-03 |
Updated | 2024-05-29 |
Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: s390: vsie: fix race during shadow creation

Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation:

    static int acquire_gmap_shadow(struct kvm_vcpu *vcpu,
                                   struct vsie_page *vsie_page)
    {
    [...]
            gmap = gmap_shadow(vcpu->arch.gmap, asce, edat);
            if (IS_ERR(gmap))
                    return PTR_ERR(gmap);
            gmap->private = vcpu->kvm;

Let children inherit the private field of the parent.
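The ordering problem described above, as an added user-space model (not kernel code and not part of the original record). The struct layouts, the pool and the functions notifier, shadow_create, acquire_racy and acquire_fixed are hypothetical stand-ins; the notifier call inside shadow_create deterministically models a notifier firing in the window right after the shadow becomes visible.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space model of the pattern; not the kernel's definitions. */
struct kvm { int id; };
struct gmap {
    void *private;          /* owner pointer the notifier dereferences */
    struct gmap *children;  /* shadows reachable by notifiers */
    struct gmap *next;
};
static struct gmap pool[4];
static int used;

/* Stand-in for the notifier: returns -1 where the kernel would crash on NULL. */
static int notifier(struct gmap *g) {
    struct kvm *kvm = g->private;
    return kvm ? kvm->id : -1;
}

/* Create a shadow and publish it on the parent's list. With inherit set, the
 * owner is copied from the parent before publication (the fixed ordering). */
static struct gmap *shadow_create(struct gmap *parent, int inherit, int *seen) {
    struct gmap *sg = &pool[used++];
    sg->private = inherit ? parent->private : NULL;
    sg->next = parent->children;
    parent->children = sg;   /* from here on, notifiers can find the shadow */
    *seen = notifier(sg);    /* models a notifier running in the race window */
    return sg;
}

/* Pre-fix ordering: the caller sets the owner only after creation returns. */
static int acquire_racy(struct gmap *parent) {
    int seen;
    struct gmap *sg = shadow_create(parent, 0, &seen);
    sg->private = parent->private;   /* too late: the shadow was already visible */
    return seen;
}

/* Fixed ordering: the child inherits the owner before it is published. */
static int acquire_fixed(struct gmap *parent) {
    int seen;
    shadow_create(parent, 1, &seen);
    return seen;
}

int main(void) {
    struct kvm vm = { 7 };
    struct gmap parent = { &vm, NULL, NULL };
    printf("racy=%d fixed=%d\n", acquire_racy(&parent), acquire_fixed(&parent));
    return 0;
}
```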
Product status
a3508fbe9dc6 before 5df3b81a567e
a3508fbe9dc6 before f5572c0323cf
a3508fbe9dc6 before 28bb27824f25
a3508fbe9dc6 before fe752331d4b3
4.8
Any version before 4.8
6.1.82
6.6.22
6.7.6
6.8
References
https://git.kernel.org/stable/c/5df3b81a567eb565029563f26f374ae3803a1dfc
https://git.kernel.org/stable/c/f5572c0323cf8b4f1f0618178648a25b8fb8a380
https://git.kernel.org/stable/c/28bb27824f25f36e5f80229a358d66ee09244082
https://git.kernel.org/stable/c/fe752331d4b361d43cfd0b89534b4b2176057c32