PT-2020-2414 · Linux+2 · Linux Kernel+2

Gustavo Romero +1 · Published 2020-04-06 · Updated 2022-10-07 · CVE-2020-8834

CVSS v3.1: 6.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.18

Description

The issue is caused by a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. An attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic. The vulnerability was introduced by two commits that landed in versions 4.8 and 4.17.

Recommendations

For Linux kernel versions prior to 4.18, update to version 4.18 or later to resolve the issue. As a temporary workaround, consider disabling the kvmppc_save_tm() and kvmppc_restore_tm() functions until a patch is available. Restrict access to the vulnerable kvmppc_hv_entry and kvmppc_{save,restore}_tm functions to minimize the risk of exploitation.

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2020-02415
CVE-2020-8834
OPENSUSE-SU-2020:0543-1
OPENSUSE-SU-2020_0543-1
RHSA-2020:2854
SUSE-SU-2020:1084-1
SUSE-SU-2020:1085-1
SUSE-SU-2020:1087-1
SUSE-SU-2020:1118-1
SUSE-SU-2020:1119-1
SUSE-SU-2020:1123-1
SUSE-SU-2020:1141-1
SUSE-SU-2020:1142-1
SUSE-SU-2020:1146-1
SUSE-SU-2020:1663-1
SUSE-SU-2020_1663-1
USN-4318-1

Affected Products

Linux Kernel
Suse
Ubuntu