An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 | third party advisory exploit |
| http://www.openwall.com/lists/oss-security/2021/06/26/1 | mailing list |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/ | vendor advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/ | vendor advisory |
| https://security.netapp.com/advisory/ntap-20210708-0002/ | third party advisory |
| https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | third party advisory mailing list |
| https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | third party advisory mailing list |