In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability analysis structured feedback
Impact analysis:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
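The lock-ordering problem described above can be modelled deterministically in user space. This is an added example, not kernel code and not part of the patch: `struct vm`, `register_region()`, `flush_region()` and the `pending_unregister` hook are hypothetical stand-ins, and the "different task" is simulated by running its unregister the moment the lock is released. A stale access is counted instead of dereferencing freed memory.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_REGIONS 4

/* Stand-in for the region object: the page array is a separate allocation. */
struct enc_region {
    bool in_use;
    unsigned long npages;
    unsigned long *pages;
};

/* Stand-in for the VM; `locked` models kvm->lock. All names are hypothetical. */
struct vm {
    bool locked;
    struct enc_region regions[MAX_REGIONS];
    int pending_unregister;        /* slot another task waits to unregister, or -1 */
    unsigned long flushed;         /* pages flushed while the region was valid */
    unsigned long stale_accesses;  /* flush attempts on an already freed region */
};

static void vm_init(struct vm *vm)
{
    *vm = (struct vm){ .pending_unregister = -1 };
}

static void vm_lock(struct vm *vm) { vm->locked = true; }

/* Frees the page array, as unregistering does. Requires the lock. */
static void unregister_locked(struct vm *vm, int slot)
{
    struct enc_region *r = &vm->regions[slot];

    if (!vm->locked)
        return;
    free(r->pages);
    r->pages = NULL;
    r->npages = 0;
    r->in_use = false;
}

/* Releasing the lock lets the waiting task run at once (worst-case schedule). */
static void vm_unlock(struct vm *vm)
{
    vm->locked = false;
    if (vm->pending_unregister >= 0) {
        vm_lock(vm);
        unregister_locked(vm, vm->pending_unregister);
        vm->pending_unregister = -1;
        vm->locked = false;
    }
}

/* Model of the cache flush: walks the page array if it still exists. */
static void flush_region(struct vm *vm, int slot)
{
    struct enc_region *r = &vm->regions[slot];

    if (!r->in_use || r->pages == NULL) {
        vm->stale_accesses++;   /* in the kernel: a read of freed memory */
        return;
    }
    for (unsigned long i = 0; i < r->npages; i++)
        if (r->pages[i] != 0)
            vm->flushed++;
}

/* flush_under_lock=false is the pre-fix ordering, true is the fixed ordering. */
static int register_region(struct vm *vm, unsigned long npages,
                           bool flush_under_lock, bool racing_unregister)
{
    int slot = -1;

    vm_lock(vm);
    for (int i = 0; i < MAX_REGIONS && slot < 0; i++)
        if (!vm->regions[i].in_use)
            slot = i;
    if (slot >= 0) {
        struct enc_region *r = &vm->regions[slot];

        r->pages = calloc(npages, sizeof(*r->pages));
        if (r->pages == NULL) {
            slot = -1;
        } else {
            for (unsigned long i = 0; i < npages; i++)
                r->pages[i] = i + 1;    /* constructed, fake page numbers */
            r->npages = npages;
            r->in_use = true;           /* region is now visible to other tasks */
            if (racing_unregister)
                vm->pending_unregister = slot;
            if (flush_under_lock)
                flush_region(vm, slot); /* fixed: flush before dropping the lock */
        }
    }
    vm_unlock(vm);
    if (slot >= 0 && !flush_under_lock)
        flush_region(vm, slot);         /* pre-fix: flush after dropping the lock */
    return slot;
}

int main(void)
{
    struct vm before, after;

    vm_init(&before);
    vm_init(&after);
    register_region(&before, 8, false, true);
    register_region(&after, 8, true, true);
    printf("flush after unlock: flushed=%lu stale=%lu\n",
           before.flushed, before.stale_accesses);
    printf("flush under lock:   flushed=%lu stale=%lu\n",
           after.flushed, after.stale_accesses);
    return 0;
}
```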
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by a different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn t fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is a rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by adifferent task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn tfullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is arare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by a different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn t fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is a rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed bya different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesnt fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow isa rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by a different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn t fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is a rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by adifferent task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn tfullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is arare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by a different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn t fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is a rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed bya different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesnt fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow isa rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by a different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn t fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is a rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by a different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn t fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is a rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by a different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn t fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is a rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by a different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn t fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is a rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by a different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn t fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is a rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by a different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn t fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is a rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by a different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn t fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is a rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarray of pages could be freed by a different task, e.g. if userspace has__unregister_enc_region_locked() already queued up for the region.Note, the obvious alternative of using local variables doesn t fullyresolve the bug, as region->pages is also dynamically allocated. I.e. theregion structure itself would be fine, but region->pages could be freed.Flushing multiple pages under kvm->lock is unfortunate, but the entireflow is a rare slow path, and the manual flush is only needed on CPUs thatlack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
| linux | | https://git.kernel.org/linus/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 | https://git.kernel.org/linus/19a23da53932bc8011220bd8c410cb76012de004 | ubuntu |
</details>
II. Vulnerability Analysis Structure Feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the obvious alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.