漏洞标题
KVM:x86:如果*新*路由不可传递,则将IRTE重置为主机控制
漏洞描述信息
## 漏洞概述
Linux内核中的KVM: x86模块存在漏洞,当新的GSI路由阻止IRQ直接发送到vCPU时,未正确重设IRTE到主机控制,导致IRQ可能被误发送到虚拟机,最坏情况下会导致use-after-free漏洞。
## 影响版本
未具体说明影响版本。
## 漏洞细节
当新GSI路由阻止IRQ直接发送到vCPU时,IRTE未重设为主机控制(重映射或发布的MSI模式)。如果仅在新的GSI是MSI时才更新IRTE,KVM将会留下一个发送到vCPU的IRTE。
## 影响
遗留的IRTE可能导致中断错误地发送到虚拟机。最坏的情况下,如果虚拟机被拆除,但底层主机IRQ未被释放,可能会导致use-after-free漏洞。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
漏洞类别
不加限制或调节的资源分配
漏洞标题
KVM: x86: Reset IRTE to host control if *new* route isn't postable
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Reset IRTE to host control if *new* route isn't postable
Restore an IRTE back to host control (remapped or posted MSI mode) if the
*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of
the GSI routing type. Updating the IRTE if and only if the new GSI is an
MSI results in KVM leaving an IRTE posting to a vCPU.
The dangling IRTE can result in interrupts being incorrectly delivered to
the guest, and in the worst case scenario can result in use-after-free,
e.g. if the VM is torn down, but the underlying host IRQ isn't freed.
CVSS信息
N/A
漏洞类别
N/A