Bug 2248122 (CVE-2023-5090) - CVE-2023-5090 kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs
Summary: CVE-2023-5090 kernel: KVM: SVM: improper check in svm_set_x2apic_msr_intercep...
Keywords:
Status: NEW
Alias: CVE-2023-5090
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2248123
Blocks: 2239886
TreeView+ depends on / blocked
 
Reported: 2023-11-06 10:19 UTC by Mauro Matteo Cascella
Modified: 2024-04-02 11:21 UTC (History)
44 users (show)

Fixed In Version: kernel 6.6-rc7
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Mauro Matteo Cascella 2023-11-06 10:19:06 UTC 
An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.

Upstream patch & commit:
https://lore.kernel.org/kvm/20230928173354.217464-1-mlevitsk@redhat.com/T
https://github.com/torvalds/linux/commit/b65235f6e102354ccafda601eaa1c5bef5284d21
Comment 1 Mauro Matteo Cascella 2023-11-06 10:19:32 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2248123]
Comment 4 Justin M. Forbes 2023-11-08 18:06:46 UTC 
This was fixed for Fedora with the 6.5.9 stable kernel updates.
Note You need to log in before you can comment on or make changes to this bug.