CVE-2016-10150: KVM: use after free in kvm_ioctl_create_device() · torvalds/linux@a0f1d21
Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.
KVM: use after free in kvm_ioctl_create_device()
We should move the ops->destroy(dev) after the list_del(&dev->vm_node) so that we don’t use “dev” after freeing it.
Fixes: a28ebea (“KVM: Protect device ops->create and list_add with kvm->lock”)
Signed-off-by: Dan Carpenter [email protected]
Reviewed-by: David Hildenbrand [email protected]
Signed-off-by: Radim Krčmář [email protected]
Dan Carpenter authored and rkrcmar committed
Dec 1, 2016
1 parent 0f4828a commit a0f1d21c1ccb1da66629627a74059dd7f5ac9c61
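
The ordering problem the commit message describes, as an added user-space model in C. It is not the kernel source and not part of the commit, and every name in it is a hypothetical stand-in. Here `destroy()` only marks the object dead, so the stale access made by the list unlink can be counted rather than corrupting memory.

```c
/* User-space model of the error path described in the commit message.
 * Not kernel code: all struct and function names are hypothetical. */
#include <stdio.h>

struct node { struct node *prev, *next; };
struct device {
    struct node vm_node;  /* link in the per-VM device list */
    int alive;            /* 0 once destroy() has released the object */
};

static struct device pool[1];  /* static storage keeps post-"free" reads defined */
static int stale_accesses;     /* touches of a device after destroy() */

static void list_add(struct node *n, struct node *head) {
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* Unlinking reads and writes through the node, so the device must be live. */
static void list_del_checked(struct device *dev) {
    if (!dev->alive)
        stale_accesses++;
    dev->vm_node.prev->next = dev->vm_node.next;
    dev->vm_node.next->prev = dev->vm_node.prev;
}

/* Stand-in for ops->destroy(dev), which frees dev. */
static void destroy(struct device *dev) { dev->alive = 0; }

/* destroy_first != 0 models the pre-fix order, 0 the fixed order.
 * Returns the number of accesses to the device after it was destroyed,
 * or -1 if the list was not left empty. */
int teardown(int destroy_first) {
    struct node devices = { &devices, &devices };
    struct device *dev = &pool[0];
    dev->alive = 1;
    stale_accesses = 0;
    list_add(&dev->vm_node, &devices);
    if (destroy_first) { destroy(dev); list_del_checked(dev); }
    else               { list_del_checked(dev); destroy(dev); }
    return (devices.next == &devices) ? stale_accesses : -1;
}

int main(void) {
    printf("pre-fix order: %d stale access(es)\n", teardown(1));
    printf("fixed order:   %d stale access(es)\n", teardown(0));
    return 0;
}
```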