GHSA-WHX7-JG3X-M7FW
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-05-02 18:31In the Linux kernel, the following vulnerability has been resolved:
KVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling
Reset the eVMCS controls in the per-CPU VP assist page during hardware disabling instead of waiting until kvm-intel's module exit. The controls are activated if and only if KVM creates a VM, i.e. don't need to be reset if hardware is never enabled.
Doing the reset during hardware disabling will naturally fix a potential NULL pointer deref bug once KVM disables CPU hotplug while enabling and disabling hardware (which is necessary to fix a variety of bugs). If the kernel is running as the root partition, the VP assist page is unmapped during CPU hot unplug, and so KVM's clearing of the eVMCS controls needs to occur with CPU hot(un)plug disabled, otherwise KVM could attempt to write to a CPU's VP assist page after it's unmapped.
{
"affected": [],
"aliases": [
"CVE-2022-49933"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:22Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling\n\nReset the eVMCS controls in the per-CPU VP assist page during hardware\ndisabling instead of waiting until kvm-intel\u0027s module exit. The controls\nare activated if and only if KVM creates a VM, i.e. don\u0027t need to be\nreset if hardware is never enabled.\n\nDoing the reset during hardware disabling will naturally fix a potential\nNULL pointer deref bug once KVM disables CPU hotplug while enabling and\ndisabling hardware (which is necessary to fix a variety of bugs). If the\nkernel is running as the root partition, the VP assist page is unmapped\nduring CPU hot unplug, and so KVM\u0027s clearing of the eVMCS controls needs\nto occur with CPU hot(un)plug disabled, otherwise KVM could attempt to\nwrite to a CPU\u0027s VP assist page after it\u0027s unmapped.",
"id": "GHSA-whx7-jg3x-m7fw",
"modified": "2025-05-02T18:31:32Z",
"published": "2025-05-02T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49933"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01aa8e5704bac9fcd7401eb1a74a375fba594203"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2916b70fc342719f570640de07251b7f91feebdb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/afb26bfc01db6ef4728e96314f08431934ffe833"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.