The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports SEV. Upstream fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb4ce2c65881a2b9bdcd384f54a260a12a89dd91
OSD notaffected.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2084659]
In reply to comment #0: > Upstream fix: > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ > ?id=bb4ce2c65881a2b9bdcd384f54a260a12a89dd91 More specific commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b
AMD SEV-ES support was introduced in upstream kernel v5.10: http://lkml.iu.edu/hypermail/linux/kernel/2010.1/05072.html RHEL-6 and RHEL-7 kernels are not affected by this flaw as they did not include support for SEV-ES (not even SEV, FWIW).
This was fixed for Fedora with the 5.18.4 stable kernel rebases.