CVE-2022-1789 Information

Description

With shadow paging enabled the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0 the invlpg callback is not set and the result is a NULL pointer dereference.

Reference

https://francozappa.github.io/about-bias/ https://kb.cert.org/vuls/id/647177/ https://bugzilla.redhat.com/show_bug.cgi?id=1832397 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6JP355XFVAB33X4BNO3ERVTURFYEDB7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBUOQTNTQ4ZCXHOCNKYIL2ZUIAZ675RD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KCEAPIVPRTJHKPF2A2HVF5XHD5XJT3MN/