Bug 2038940 (CVE-2022-0171) - CVE-2022-0171 kernel: KVM: cache incoherence issue in SEV API may lead to kernel crash
Summary: CVE-2022-0171 kernel: KVM: cache incoherence issue in SEV API may lead to ker...
Keywords:
Status: NEW
Alias: CVE-2022-0171
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2040353 2040354 2040355 2040356 2084659
Blocks: 2038941 2038943
TreeView+ depends on / blocked
 
Reported: 2022-01-10 15:25 UTC by Pedro Sampaio
Modified: 2023-09-19 14:13 UTC (History)
46 users (show)

Fixed In Version: kernel 5.18-rc4
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Pedro Sampaio 2022-01-10 15:25:11 UTC
The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports SEV.

Upstream fix:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb4ce2c65881a2b9bdcd384f54a260a12a89dd91

Comment 2 juneau 2022-01-19 15:50:50 UTC
OSD notaffected.

Comment 3 Mauro Matteo Cascella 2022-05-12 15:27:32 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2084659]

Comment 4 Mauro Matteo Cascella 2022-05-13 08:33:27 UTC
In reply to comment #0:
> Upstream fix:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> ?id=bb4ce2c65881a2b9bdcd384f54a260a12a89dd91

More specific commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b

Comment 5 Mauro Matteo Cascella 2022-05-13 08:40:18 UTC
AMD SEV-ES support was introduced in upstream kernel v5.10:

http://lkml.iu.edu/hypermail/linux/kernel/2010.1/05072.html

RHEL-6 and RHEL-7 kernels are not affected by this flaw as they did not include support for SEV-ES (not even SEV, FWIW).

Comment 7 Justin M. Forbes 2022-06-29 16:20:24 UTC
This was fixed for Fedora with the 5.18.4 stable kernel rebases.


Note You need to log in before you can comment on or make changes to this bug.