A flaw was found in KVM. With shadow paging enabled if INVPCID is executed with CR0.PG=0, the invlpg callback is not set, and the result is a NULL pointer dereference. This flaw allows a guest user to cause a kernel oops condition on the host, resulting in a denial of service. Reference: https://www.openwall.com/lists/oss-security/2022/05/25/2
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2090724]
Upstream fix: https://github.com/torvalds/linux/commit/9f46c187e2e680ecd9de7983e4d081c3391acc76
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2148 https://access.redhat.com/errata/RHSA-2023:2148
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2458 https://access.redhat.com/errata/RHSA-2023:2458
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2736 https://access.redhat.com/errata/RHSA-2023:2736
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2951 https://access.redhat.com/errata/RHSA-2023:2951
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-1789