CVE-2020-8834 — Context Switching Race Condition in Kernel
Severity
6.5MEDIUMNVD
OSV7.1OSV5.5
EPSS
0.1%
top 74.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 9
Latest updateAug 13
Description
KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures") 87a11bb6a7f7…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0
Affected Packages5 packages
Also affects: Ubuntu Linux 16.04, 18.04
🔴Vulnerability Details
6GHSA▶
GHSA-7fx7-755p-qmjj: KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore↗2022-05-24
OSV▶
CVE-2020-8834: KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore↗2020-04-09