5.5

CVE-2024-55881

KVM: x86: Play nice with protected guests in complete_hypercall_exit()

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Play nice with protected guests in complete_hypercall_exit()

Use is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit
hypercall when completing said hypercall.  For guests with protected state,
e.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit
mode as the vCPU state needed to detect 64-bit mode is unavailable.

Hacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE
hypercall via VMGEXIT trips the WARN:

  ------------[ cut here ]------------
  WARNING: CPU: 273 PID: 326626 at arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm]
  Modules linked in: kvm_amd kvm ... [last unloaded: kvm]
  CPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test Not tainted 6.12.0-smp--392e932fa0f3-feat #470
  Hardware name: Google Astoria/astoria, BIOS 0.20240617.0-0 06/17/2024
  RIP: 0010:complete_hypercall_exit+0x44/0xe0 [kvm]
  Call Trace:
   <TASK>
   kvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm]
   kvm_vcpu_ioctl+0x54f/0x630 [kvm]
   __se_sys_ioctl+0x6b/0xc0
   do_syscall_64+0x83/0x160
   entry_SYSCALL_64_after_hwframe+0x76/0x7e
   </TASK>
  ---[ end trace 0000000000000000 ]---
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15.5 < 5.15.176
LinuxLinux Kernel Version >= 5.16.1 < 6.1.122
LinuxLinux Kernel Version >= 6.2 < 6.6.68
LinuxLinux Kernel Version >= 6.7 < 6.12.7
LinuxLinux Kernel Version5.16 Update-
LinuxLinux Kernel Version5.16 Updaterc2
LinuxLinux Kernel Version5.16 Updaterc3
LinuxLinux Kernel Version5.16 Updaterc4
LinuxLinux Kernel Version5.16 Updaterc5
LinuxLinux Kernel Version5.16 Updaterc6
LinuxLinux Kernel Version5.16 Updaterc7
LinuxLinux Kernel Version5.16 Updaterc8
LinuxLinux Kernel Version6.13 Updaterc1
LinuxLinux Kernel Version6.13 Updaterc2
LinuxLinux Kernel Version6.13 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.101
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/0840d360a8909c722fb62459f42836afe32ededb
Patch
https://git.kernel.org/stable/c/22b5c2acd65dbe949032f619d4758a35a82fffc3
Patch
https://git.kernel.org/stable/c/3d2634ec0d1dbe8f4b511cf5261f327c6a76f4b6
Patch
https://git.kernel.org/stable/c/7ed4db315094963de0678a8adfd43c46471b9349
Patch
https://git.kernel.org/stable/c/9b42d1e8e4fe9dc631162c04caa69b0d1860b0f0
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html