636732 – (CVE-2017-15306) kernel: Null pointer dereference and system crash

Bug 636732 (CVE-2017-15306) - kernel: Null pointer dereference and system crash

Summary: kernel: Null pointer dereference and system crash

Status:	RESOLVED FIXED

Alias:	CVE-2017-15306

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	PPC Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Kernel Security

URL:	https://www.kernel.org/pub/linux/kern...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-11-06 19:57 UTC by D'juan McDonald (domhnall)
Modified:	2022-03-26 00:31 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2017-11-06 19:57:20 UTC

CVE-2017-15306(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15306):
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.

Patch: https://github.com/torvalds/linux/commit/ac64115a66c18c01745bbd3c47a36b124e5fd8c0


Gentoo Security Padawan
(jmbailey/mbailey_j)

Comment 1 John Helmert III archtester

2022-03-26 00:31:10 UTC

Fix in 4.9.60, 4.14