retired/CVE-2022-1158


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

Description: KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
References:
 https://www.openwall.com/lists/oss-security/2022/04/08/4
Notes:
 carnil> Introduced by bd53cb35a3e9 ("X86/KVM: Handle PFNs outside of
 carnil> kernel reach when touching GPTEs") in 5.2-rc1.
 carnil> For 5.16.y fixed in 5.16.19 and for 5.17.y fixed in 5.17.2.
Bugs:
upstream: released (5.18-rc1) [2a8859f373b0a86f0ece8ec8312607eacf12485d]
5.10-upstream-stable: released (5.10.110) [e90518d10c7dd59d5ebbe25b0f0083a7dbffa42f]
4.19-upstream-stable: N/A "Vulnerable code not present"
4.9-upstream-stable: N/A "Vulnerable code not present"
sid: released (5.17.3-1)
5.10-bullseye-security: released (5.10.113-1)
4.19-buster-security: N/A "Vulnerable code not present"
4.9-stretch-security: N/A "Vulnerable code not present"