fkie_cve-2022-49610
Vulnerability from fkie_nvd
Published
2025-02-26 07:01
Modified
2025-02-26 07:01
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: VMX: Prevent RSB underflow before vmenter
On VMX, there are some balanced returns between the time the guest's
SPEC_CTRL value is written, and the vmenter.
Balanced returns (matched by a preceding call) are usually ok, but it's
at least theoretically possible an NMI with a deep call stack could
empty the RSB before one of the returns.
For maximum paranoia, don't allow *any* returns (balanced or otherwise)
between the SPEC_CTRL write and the vmenter.
[ bp: Fix 32-bit build. ]
References
Impacted products
Vendor | Product | Version |
---|---|---|
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Prevent RSB underflow before vmenter\n\nOn VMX, there are some balanced returns between the time the guest\u0027s\nSPEC_CTRL value is written, and the vmenter.\n\nBalanced returns (matched by a preceding call) are usually ok, but it\u0027s\nat least theoretically possible an NMI with a deep call stack could\nempty the RSB before one of the returns.\n\nFor maximum paranoia, don\u0027t allow *any* returns (balanced or otherwise)\nbetween the SPEC_CTRL write and the vmenter.\n\n [ bp: Fix 32-bit build. ]" }, { "lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: VMX: Evitar el desbordamiento de RSB antes de vmenter En VMX, hay algunos retornos equilibrados entre el momento en que se escribe el valor SPEC_CTRL del invitado y el vmenter. Los retornos equilibrados (que coinciden con una llamada anterior) suelen ser correctos, pero al menos es te\u00f3ricamente posible que un NMI con una pila de llamadas profunda pueda vaciar el RSB antes de uno de los retornos. Para m\u00e1xima paranoia, no permita *ning\u00fan* retorno (equilibrado o de otro tipo) entre la escritura de SPEC_CTRL y el vmenter. [ bp: Arreglar compilaci\u00f3n de 32 bits. ]" } ], "id": "CVE-2022-49610", "lastModified": "2025-02-26T07:01:36.463", "metrics": {}, "published": "2025-02-26T07:01:36.463", "references": [ { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/07853adc29a058c5fd143c14e5ac528448a72ed9" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/afd743f6dde87296c6f3414706964c491bb85862" } ], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis" }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.