Back to bug 2213802

Who When What Removed Added
Mauro Matteo Cascella 2023-06-09 12:51:46 UTC CC security-response-team
Mauro Matteo Cascella 2023-06-09 12:54:11 UTC Depends On 2213807, 2213805, 2213808, 2213806
Mauro Matteo Cascella 2023-06-09 13:34:40 UTC Doc Text A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can theoretically trigger a stack overflow and cause a denial-of-service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).
Mauro Matteo Cascella 2023-06-09 13:42:35 UTC Doc Text A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can theoretically trigger a stack overflow and cause a denial-of-service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can theoretically trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).
sushil kulkarni 2023-06-09 14:36:29 UTC CC sukulkar
Flags needinfo?(sukulkar)
CC ymankad
Flags needinfo?(sukulkar) needinfo?(ymankad)
Mauro Matteo Cascella 2023-06-13 12:13:30 UTC CC bdas
Yash Mankad 2023-06-27 19:36:12 UTC Flags needinfo?(ymankad)
Red Hat Bugzilla 2023-07-07 08:27:46 UTC Assignee security-response-team nobody
CC security-response-team security-response-team
Mauro Matteo Cascella 2023-08-02 15:19:05 UTC CC pbonzini
Vitaly Kuznetsov 2023-08-03 07:56:11 UTC CC vkuznets
Mauro Matteo Cascella 2023-08-04 15:21:47 UTC Summary EMBARGOED kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability EMBARGOED CVE-2023-4155 kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability
Alias CVE-2023-4155
Paige Jung 2023-08-04 16:16:12 UTC Doc Text A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can theoretically trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).
Mauro Matteo Cascella 2023-08-07 07:29:54 UTC CC kernel-mgr, tglozar
Group security, qe_staff
Summary EMBARGOED CVE-2023-4155 kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability CVE-2023-4155 kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability
Mauro Matteo Cascella 2023-08-07 07:30:21 UTC Depends On 2229642
