Date: Thu, 29 Feb 2024 06:21:04 +0100
From: Greg KH
To: Paolo Bonzini
Cc: cve@kernel.org, linux-kernel@vger.kernel.org, KVM list, Vitaly Kuznetsov
Subject: Re: CVE-2021-46978: KVM: nVMX: Always make an attempt to map eVMCS after migration
Message-ID: <2024022905-barrette-lividly-c312@gregkh>
References: <2024022822-CVE-2021-46978-3516@gregkh> <54595439-1dbf-4c3c-b007-428576506928@redhat.com>
In-Reply-To: <54595439-1dbf-4c3c-b007-428576506928@redhat.com>

On Wed, Feb 28, 2024 at 11:09:50PM +0100, Paolo Bonzini wrote:
> On 2/28/24 09:14, Greg Kroah-Hartman wrote:
> > From: gregkh@kernel.org
> >
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > KVM: nVMX: Always make an attempt to map eVMCS after migration
>
> How does this break the confidentiality, integrity or availability of the
> host kernel? It's a fix for a failure to restart the guest after migration.
> Vitaly can confirm.

It's a fix for the availability of the guest kernel, which now can not
boot properly, right? That's why this was selected. If this is not
correct, I will be glad to revoke this.

> Apparently the authority to "dispute or modify an assigned CVE lies solely
> with the maintainers", but we don't have the authority to tell you in
> advance that a CVE is crap, so please consider this vulnerability to be
> disputed.

Great, but again, not allowing the guest kernel to boot again feels like
an "availability" issue to me. If not, we can revoke this.

> Unlike what we discussed last week:
>
> - the KVM list is not CC'd so whoever sees this reply will have to find the
> original message on their own

Adding a cc: to the subsystem mailing list for the CVEs involved can be
done, but would it really help much?

> - there is no list gathering all the discussions/complaints about these
> CVEs, since I cannot reply to linux-cve-announce@vger.kernel.org.

That's what lkml is for, and is why the "Reply-to:" is set on the
linux-cve-announce emails. Creating yet-another-list isn't really going
to help much.

Also, this is part of the "import the GSD database into CVE" which the
CVE project asked us to do, which is why these "old" issues are popping
up now.

thanks,

greg k-h