Impact: Important Public Date: 2019-02-07 CWE: CWE-416 Bugzilla: 1671904: CVE-2019-7221 Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.
Find out more about CVE-2019-7221 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.
Note: Impact on Red Hat Enterprise Linux 7 kernel is limited, as it requires that nested virtualization feature is enabled on a system. Nested Virtualization feature is available only as - Technology Preview.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
CVSS3 Base Score | 7.5 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
Attack Vector | Local |
Attack Complexity | High |
Privileges Required | High |
User Interaction | None |
Scope | Changed |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |
Platform | Package | State |
---|---|---|
Red Hat Enterprise MRG 2 | kernel-rt | Not affected |
Red Hat Enterprise Linux 7 | kernel-alt | Not affected |
Red Hat Enterprise Linux 7 | kernel | Affected |
Red Hat Enterprise Linux 7 | kernel-rt | Affected |
Red Hat Enterprise Linux 6 | kernel | Not affected |
Red Hat Enterprise Linux 5 | kernel | Not affected |