552 matches found
kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling
A flaw was found in the Linux kernel's Kernel-based Virtual Machine (KVM) component. A local attacker with privileges on the host system could exploit a vulnerability in how KVM handles shadow page table entries (SPTEs) during memory-mapped I/O (MMIO) operations. By manipulating guest page table entrie...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of the fpc register. The function kvm_arch_vcpu_ioctl_set_fpu() allows setting the floating-point control (fpc) register of a guest CPU. The new value is validated by temporarily loading it into the fpc register...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix a hard lockup in the virtual machine after prolonged inactivity, caused by the periodic HV timer. When advancing the target expiration of the guest's APIC timer in periodic mode, set the...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: If the new GSI (Global System Interrupt) route prevents the IRQ from being posted directly to a vCPU, reset the IRTE to host control. The IRTE should also be restored to host control if it is in MSI mode or in...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Check instead of asserting on nested TSC scaling support. Check for nested TSC scaling support on nested SVM VMRUN instead of asserting that TSC scaling is exposed to L1 if L1's MSR_AMD64_TSC_RATIO has diverged from KVM's...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMSAVE/VMLOAD emulation. Commit cc3ed80ae69f ("KVM: nSVM: always use vmcb01 for vmsave/vmload of guest state") ensured that KVM always used vmcb01 for the fields controll...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in the TDP MMU when clearing dirty status. Check kvm_mmu_page_ad_need_write_protect() when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs. This ensures that the TDP MMU takes into...
Astra Linux - vulnerability in linux
An issue was discovered in Linux: improper handling of VM_IO|VM_PFNMAP VMAs in KVM can bypass read-only (RO) checks and cause pages to be freed while still accessible by the VMM and guest. This allows users who have the ability to start and control a VM to read/write random pages of memory, potentially leading ...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Immediately reset the MMU context when the SMM flag is cleared. Reset the MMU context immediately when the SMM flag of the vCPU is cleared, so that the SMM flag in the MMU context is always synchronized with th...
Astra Linux - vulnerability in linux-5.10, linux
A flaw was discovered in KVM. When updating a guest's page table entry, vm_pgoff was incorrectly used as the offset to obtain the page's pfn. Since vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS. Disabling support for virtualizing adaptive PEBS is necessary because KVM's implementation is architecturally broken without an obvious/easy way to address this issue...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virtualization mode when SMM state is toggled. Nested virtualization mode is forcibly exited if user space toggles the SMM state using KVM_SET_VCPU_EVENTS or KVM_SYNC_X86_EVENTS. If user space...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with the guest value only before entering the .vcpu_run() loop. The conditional loading of hardware DR6 with the guest's DR6 value is moved out of the core .vcpu_run() loop to fix a bug where KVM may load hardware wi...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying. When unbinding a memslot from a guest_memfd instance, remove the bindings even if the guest_memfd file is dying, i.e., even if its file refcount has gone to...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask the MSR_IA32_PEBS_ENABLE value loaded for a guest with the vCPU's desired PEBS_ENABLE value. Simply consulting the host kernel's host vs...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush the async PF workqueue when a vCPU is being destroyed. The async PF workqueue for each vCPU must always be flushed when a vCPU is clearing its completion queue, for example when a VM and all its vCPUs are being...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from the source VM for SEV-ES intrahost migration. Fix a bug where KVM attempts to retrieve source vCPUs from the destination VM during intrahost migration. Retrieving the wrong vCPU not only causes...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix a use-after-free in svm_register_enc_region(). The cached pages in svm_register_enc_region() must be flushed before releasing kvm->lock to address use-after-free issues. In such...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify that the target vCPU is online in kvm_get_vcpu(). Explicitly verify that the target vCPU is fully online prior to clamping the index in kvm_get_vcpu(). If the index is "bad", the nospec clamping...
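The nospec clamp in the entry above is easy to misread as a bounds check, so here is an added illustration written for this page; it is not kernel code and not KVM's own lookup. array_index_nospec() masks an out-of-range index to 0 rather than rejecting it, so a lookup that relies on the clamp alone hands back element 0 instead of failing, which is why the index has to be checked against the number of online vCPUs before it is clamped. The mask arithmetic is the generic fallback from include/linux/nospec.h; the demo_kvm and demo_vcpu structures, the two lookup variants and the demo_lookup() wrapper are hypothetical stand-ins constructed for this example and do not mirror KVM's actual data structures.

```c
/* Added illustration for this page, not kernel code: why array_index_nospec()
 * is not a bounds check, and why the index must be range-checked first.
 * The mask formula is the generic fallback from include/linux/nospec.h; the
 * demo_* structures and lookups are hypothetical stand-ins, not KVM's own. */
#include <stddef.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * 8)
#define DEMO_MAX_VCPUS 8

/* Generic array_index_mask_nospec(): all-ones when index < size, zero otherwise. */
static unsigned long array_index_mask_nospec(unsigned long index, unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* array_index_nospec(): an in-range index passes through, an out-of-range one becomes 0. */
#define array_index_nospec(index, size) \
    ((index) & array_index_mask_nospec((index), (size)))

/* Hypothetical stand-ins for struct kvm_vcpu / struct kvm (constructed for this demo). */
struct demo_vcpu { int vcpu_id; };
struct demo_kvm {
    struct demo_vcpu vcpus[DEMO_MAX_VCPUS];
    unsigned long online_vcpus;   /* number of slots actually populated */
};

/* Lookup that relies on the clamp alone: an out-of-range index is masked to 0,
 * so the caller silently gets vCPU 0 instead of NULL. */
static struct demo_vcpu *get_vcpu_clamp_only(struct demo_kvm *kvm, unsigned long idx)
{
    idx = array_index_nospec(idx, kvm->online_vcpus);
    return &kvm->vcpus[idx];
}

/* Fixed lookup: reject an out-of-range index first, then clamp to bound speculation. */
static struct demo_vcpu *get_vcpu_checked(struct demo_kvm *kvm, unsigned long idx)
{
    if (idx >= kvm->online_vcpus)
        return NULL;
    idx = array_index_nospec(idx, kvm->online_vcpus);
    return &kvm->vcpus[idx];
}

/* Populate a demo VM with n online vCPUs (n is capped at the table size). */
static void demo_kvm_init(struct demo_kvm *kvm, unsigned long n)
{
    for (unsigned long i = 0; i < DEMO_MAX_VCPUS; i++)
        kvm->vcpus[i].vcpu_id = (int)i;
    kvm->online_vcpus = n > DEMO_MAX_VCPUS ? DEMO_MAX_VCPUS : n;
}

/* Map a lookup result to its vcpu_id, or -1 when the lookup returned NULL. */
static int lookup_id(const struct demo_vcpu *v)
{
    return v ? v->vcpu_id : -1;
}

/* Wrapper for experiments: build a VM with n_online vCPUs and look up idx with
 * either the clamp-only variant (use_checked == 0) or the checked one. */
static int demo_lookup(unsigned long n_online, unsigned long idx, int use_checked)
{
    struct demo_kvm kvm;
    demo_kvm_init(&kvm, n_online);
    return lookup_id(use_checked ? get_vcpu_checked(&kvm, idx)
                                 : get_vcpu_clamp_only(&kvm, idx));
}

int main(void)
{
    unsigned long bad = 4;   /* one past the last online vCPU of a 4-vCPU VM */
    printf("clamp-only lookup of idx %lu -> vcpu_id %d\n", bad, demo_lookup(4, bad, 0));
    printf("checked lookup of idx %lu    -> %d (NULL)\n", bad, demo_lookup(4, bad, 1));
    printf("checked lookup of idx 2      -> vcpu_id %d\n", demo_lookup(4, 2, 1));
    return 0;
}
```

The clamp exists to stop a speculative out-of-bounds read; it does nothing for the architectural path, so any caller that takes a user-controlled index must reject out-of-range values itself before masking, exactly as the fix described above does for kvm_get_vcpu().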
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3. On a system with a GICv3, if a guest has not been configured with a GICv3 and the host is not capable of emulating GICv2, writing to any of the ICC_*SGI*_EL1 registers will...