retired/CVE-2018-16882


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

Description: KVM: nVMX: use after free in posted interrupt processing
References:
 https://www.openwall.com/lists/oss-security/2018/12/18/6
 https://marc.info/?l=kvm&m=154514994222809&w=2
Notes:
 carnil> Commit fixes 5e2f30b756a37 "KVM: nVMX: get rid of nested_get_page()"
 carnil> needs to check if issue only introduced post/with 4.14-rc1.
Bugs:
upstream: released (4.20) [c2dd5146e9fe1f22c77c1b011adf84eea0245806]
4.19-upstream-stable: released (4.19.13) [1972ca04708330b0edd52956e644e3974065a613]
4.9-upstream-stable: N/A "Vulnerable code introduced later"
3.16-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (4.19.13-1)
4.9-stretch-security: N/A "Vulnerable code not present"
3.16-jessie-security: N/A "Vulnerable code not present"