Bug 2130278 (CVE-2022-3344)

Summary: CVE-2022-3344 kernel: KVM: SVM: nested shutdown interception could lead to host crash
Product: [Other] Security Response
Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: low
Priority: low
Version: unspecified
CC: acaringi, bhu, brdeoliv, chwhite, crwood, ddepaula, debarbos, dvlasenk, ezulian, hkrzesin, jarod, jburrell, jfaracco, jferlan, jforbes, jlelli, joe.lawrence, jshortt, jstancek, junzhao, jwyatt, kcarcia, kernel-mgr, lgoncalv, lzampier, nmurray, ptalbert, qzhao, rvrbovsk, scweaver, tyberry, vkumar, walters, williams
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: kernel 6.1-rc7
Doc Text:
A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0).
Bug Depends On: 2134351, 2134352, 2134353, 2134354, 2136837    
Bug Blocks: 2130248    

Description Mauro Matteo Cascella 2022-09-27 16:56:04 UTC
A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0).

Comment 3 Mauro Matteo Cascella 2022-10-21 15:07:41 UTC
Upstream patch:
https://lore.kernel.org/lkml/20221020093055.224317-5-mlevitsk@redhat.com/T/

Comment 4 Mauro Matteo Cascella 2022-10-21 15:08:12 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2136837]

Comment 6 Mauro Matteo Cascella 2023-01-11 11:24:11 UTC
Upstream commit:
https://github.com/torvalds/linux/commit/ed129ec9057f89d615ba0c81a4984a90345a1684

Comment 7 Justin M. Forbes 2023-01-19 23:00:26 UTC
This was fixed for Fedora with the 6.0.11 stable kernel updates.

Comment 8 junzhao 2023-02-16 08:23:06 UTC
Hello,

I noticed that the bugs raised on the kernel side are CLOSED WONTFIX, are we still going to track this issue?

Thanks.

Comment 9 Mauro Matteo Cascella 2023-02-16 21:46:06 UTC
In reply to comment #8:
> I noticed that the bugs raised in kernel side are CLOSED WONTFIX, are we
> going to still track this issue?

Hi, not sure what you mean by "track this issue", but the answer is most likely no; there are no plans to address this issue in RHEL. Please refer to https://access.redhat.com/security/cve/CVE-2022-3344.