Description
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.
Problem types
Improper Handling of Exceptional Conditions
Product status
0:4.18.0-553.8.1.rt7.349.el8_10 (rpm) before *
0:4.18.0-553.8.1.el8_10 (rpm) before *
0:5.14.0-427.16.1.el9_4 (rpm) before *
0:5.14.0-427.16.1.el9_4 (rpm) before *
0:5.14.0-284.69.1.el9_2 (rpm) before *
0:5.14.0-284.69.1.rt14.354.el9_2 (rpm) before *
Timeline
| 2023-09-20: | Reported to Red Hat. |
| 2023-09-28: | Made public. |
Credits
This issue was discovered by Maxim Levitsky (Red Hat).
References
access.redhat.com/errata/RHSA-2024:3854 (RHSA-2024:3854)
access.redhat.com/errata/RHSA-2024:3855 (RHSA-2024:3855)
access.redhat.com/errata/RHSA-2024:4211 (RHSA-2024:4211)
access.redhat.com/errata/RHSA-2024:4352 (RHSA-2024:4352)
access.redhat.com/security/cve/CVE-2023-5090
bugzilla.redhat.com/show_bug.cgi?id=2248122 (RHBZ#2248122)
access.redhat.com/errata/RHSA-2024:2758 (RHSA-2024:2758)
access.redhat.com/errata/RHSA-2024:3854 (RHSA-2024:3854)
access.redhat.com/errata/RHSA-2024:3855 (RHSA-2024:3855)
access.redhat.com/errata/RHSA-2024:4211 (RHSA-2024:4211)
access.redhat.com/errata/RHSA-2024:4352 (RHSA-2024:4352)
access.redhat.com/security/cve/CVE-2023-5090
bugzilla.redhat.com/show_bug.cgi?id=2248122 (RHBZ#2248122)