Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 636732 (CVE-2017-15306) - kernel: Null pointer dereference and system crash
Summary: kernel: Null pointer dereference and system crash
Status: RESOLVED FIXED
Alias: CVE-2017-15306
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: PPC Linux
: Normal minor
Assignee: Gentoo Kernel Security
URL: https://www.kernel.org/pub/linux/kern...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-06 19:57 UTC by D'juan McDonald (domhnall)
Modified: 2022-03-26 00:31 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2017-11-06 19:57:20 UTC
CVE-2017-15306(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15306):
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.

Patch: https://github.com/torvalds/linux/commit/ac64115a66c18c01745bbd3c47a36b124e5fd8c0


Gentoo Security Padawan
(jmbailey/mbailey_j)
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-26 00:31:10 UTC
Fix in 4.9.60, 4.14