CVE-2022-49932 Information

May 03, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

KVM: VMX: Do all initialization before exposing /dev/kvm to userspace

Call kvm_init() only after all setup is complete as kvm_init() exposes /dev/kvm to userspace and thus allows userspace to create VMs (and call other ioctls). E.g. KVM will encounter a NULL pointer when attempting to add a vCPU to the per-CPU loaded_vmcss_on_cpu list if userspace is able to create a VM before vmx_init() configures said list.

BUG: kernel NULL pointer dereference address: 0000000000000008 PF: supervisor write access in kernel mode PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [1] SMP CPU: 6 PID: 1143 Comm: stable Not tainted 6.0.0-rc7+ 988 Hardware name: QEMU Standard PC (Q35 + ICH9 2009) BIOS 0.0.0 02/06/2015 RIP: 0010:vmx_vcpu_load_vmcs+0x68/0x230 [kvm_intel] vmx_vcpu_load+0x16/0x60 [kvm_intel] kvm_arch_vcpu_load+0x32/0x1f0 [kvm] vcpu_load+0x2f/0x40 [kvm] kvm_arch_vcpu_create+0x231/0x310 [kvm] kvm_vm_ioctl+0x79f/0xe10 [kvm] ? handle_mm_fault+0xb1/0x220 __x64_sys_ioctl+0x80/0xb0 do_syscall_64+0x2b/0x50 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7f5a6b05743b Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel(+) kvm irqbypass

Reference

https://git.kernel.org/stable/c/e136e969d268b9b89329c816c002e53f60e82985 https://git.kernel.org/stable/c/e28533c08023c4b319b7f2cd77f3f7c9204eb517 https://git.kernel.org/stable/c/e32b120071ea114efc0b4ddd439547750b85f618

Share on: