Bug 991065 (CVE-2016-5412) - VUL-1: CVE-2016-5412: kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode
Status: RESOLVED FIXED
Alias: CVE-2016-5412
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: PowerPC-64 Other
Importance: P4 - Low / Normal
Target Milestone: ---
Assignee: Torsten Duwe
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/171418/
Whiteboard: CVSSv2:SUSE:CVE-2016-5412:3.8:(AV:L/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-28 12:27 UTC by Andreas Stieger
Modified: 2022-02-13 11:15 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
patch1 (12.25 KB, patch), 2016-07-28 12:29 UTC, Andreas Stieger
patch2 (2.46 KB, patch), 2016-07-28 12:29 UTC, Andreas Stieger

Description Andreas Stieger 2016-07-28 12:27:16 UTC
https://marc.info/?l=kvm&m=146968629127349&w=2

These two patches fix a denial-of-service vulnerability in the host
kernel when running guests using HV-style KVM on POWER8 machines.
It turns out that if a user process starts a transaction and then
does an exec system call, it can not only crash the guest kernel
but also cause one or more host CPUs to hang.  This vulnerability
has been assigned the ID CVE-2016-5412.  This patch series is the
fix for the vulnerability.  I would like to get these patches into
v4.8-rc1 and also into the stable trees.

Paul.

 arch/powerpc/kvm/book3s_hv_rmhandlers.S | 462 +++++++++++++++++---------------
 1 file changed, 250 insertions(+), 212 deletions(-)

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1349916
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5412
Comment 1 Andreas Stieger 2016-07-28 12:29:15 UTC
Created attachment 685880 [details]
patch1
Comment 2 Andreas Stieger 2016-07-28 12:29:36 UTC
Created attachment 685881 [details]
patch2
Comment 4 Michal Marek 2016-07-28 12:57:09 UTC
Transactional memory support is in kernels 3.9+, so SLE12+.
Comment 5 Swamp Workflow Management 2016-07-28 22:01:51 UTC
bugbot adjusting priority
Comment 8 Bernhard Wiedemann 2016-07-29 20:02:00 UTC
This is an autogenerated message for IBS integration:
This bug (991065) was mentioned in
https://build.suse.de/request/show/118728 SLE-12-SP2 / kernel-source
Comment 9 Torsten Duwe 2016-08-01 10:27:24 UTC
openSUSE and older SLES still TBD.
Comment 10 Marcus Meissner 2017-03-02 11:11:39 UTC
still open I think
Comment 11 Torsten Duwe 2017-03-08 12:13:13 UTC
(In reply to Marcus Meissner from comment #10)
> still open I think

No, it's not. The fixes went into 4.1.31.
f024ee098476a3e620232e4a78cfac505f121245
93d17397e4e2182fdaad503e2f9da46202c0f1c3
Thanks for the reminder.
Closing now.