Bug 2038940 (CVE-2022-0171)

Summary: CVE-2022-0171 kernel: KVM: cache incoherence issue in SEV API may lead to kernel crash
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, adscvr, airlied, alciregi, bhu, blc, chwhite, crwood, ddepaula, dvlasenk, hdegoede, hkrzesin, hpa, jarod, jarodwilson, jburrell, jfaracco, jferlan, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, lzampier, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rvrbovsk, scweaver, steved, vkumar, walters, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel 5.18-rc4 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2040353, 2040354, 2040355, 2040356, 2084659    
Bug Blocks: 2038941, 2038943    

Description Pedro Sampaio 2022-01-10 15:25:11 UTC 
The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports SEV.

Upstream fix:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb4ce2c65881a2b9bdcd384f54a260a12a89dd91
Comment 2 juneau 2022-01-19 15:50:50 UTC 
OSD notaffected.
Comment 3 Mauro Matteo Cascella 2022-05-12 15:27:32 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2084659]
Comment 4 Mauro Matteo Cascella 2022-05-13 08:33:27 UTC 
In reply to comment #0:
> Upstream fix:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> ?id=bb4ce2c65881a2b9bdcd384f54a260a12a89dd91

More specific commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b
Comment 5 Mauro Matteo Cascella 2022-05-13 08:40:18 UTC 
AMD SEV-ES support was introduced in upstream kernel v5.10:

http://lkml.iu.edu/hypermail/linux/kernel/2010.1/05072.html

RHEL-6 and RHEL-7 kernels are not affected by this flaw as they did not include support for SEV-ES (not even SEV, FWIW).
Comment 7 Justin M. Forbes 2022-06-29 16:20:24 UTC 
This was fixed for Fedora with the 5.18.4 stable kernel rebases.