From: Greg KH <gregkh@kernel.org>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org,
KVM list <kvm@vger.kernel.org>,
Vitaly Kuznetsov <vkuznets@redhat.com>
Subject: Re: CVE-2021-46978: KVM: nVMX: Always make an attempt to map eVMCS after migration
Date: Thu, 29 Feb 2024 06:21:04 +0100 [thread overview]
Message-ID: <2024022905-barrette-lividly-c312@gregkh> (raw)
In-Reply-To: <54595439-1dbf-4c3c-b007-428576506928@redhat.com>
On Wed, Feb 28, 2024 at 11:09:50PM +0100, Paolo Bonzini wrote:
> On 2/28/24 09:14, Greg Kroah-Hartman wrote:
> > From: gregkh@kernel.org
> >
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > KVM: nVMX: Always make an attempt to map eVMCS after migration
>
> How does this break the confidentiality, integrity or availability of the
> host kernel? It's a fix for a failure to restart the guest after migration.
> Vitaly can confirm.
It's a fix for the availability of the guest kernel, which now can not
boot properly, right? That's why this was selected. If this is not
correct, I will be glad to revoke this.
> Apparently the authority to "dispute or modify an assigned CVE lies solely
> with the maintainers", but we don't have the authority to tell you in
> advance that a CVE is crap, so please consider this vulnerability to be
> disputed.
Great, but again, not allowing the guest kernel to boot again feels like
an "availability" issue to me. If not, we can revoke this.
> Unlike what we discussed last week:
>
> - the KVM list is not CC'd so whoever sees this reply will have to find the
> original message on their own
Adding a cc: to the subsystem mailing list for the CVEs involved can be
done, but would it really help much?
> - there is no list gathering all the discussions/complaints about these
> CVEs, since I cannot reply to linux-cve-announce@vger.kernel.org.
That's what lkml is for, and is why the "Reply-to:" is set on the
linux-cve-announce emails. Creating yet-another-list isn't really going
to help much.
Also, this is part of the "import the GSD database into CVE" which the
CVE project asked us to do, which is why these "old" issues are popping
up now.
thanks,
greg k-h
next prev parent reply other threads:[~2024-02-29 5:21 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <2024022822-CVE-2021-46978-3516@gregkh>
2024-02-28 22:09 ` CVE-2021-46978: KVM: nVMX: Always make an attempt to map eVMCS after migration Paolo Bonzini
2024-02-29 5:21 ` Greg KH [this message]
2024-02-29 8:08 ` Vitaly Kuznetsov
2024-02-29 10:04 ` Paolo Bonzini
2024-02-29 14:34 ` Theodore Ts'o
2024-02-29 20:53 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024022905-barrette-lividly-c312@gregkh \
--to=gregkh@kernel.org \
--cc=cve@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=vkuznets@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox