[SRU][F/I/J/OEM-5.14/OEM-5.17][PATCH 0/1] CVE-2022-1789

Cengiz Can cengiz.can at canonical.com
Thu Jun 2 15:05:09 UTC 2022


From https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789

With shadow paging enabled, the INVPCID instruction results in a call
to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the
invlpg callback is not set and the result is a NULL pointer dereference.
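The defect class above, as an added illustration that is not part of this patch series or of KVM's code: a constructed model of an MMU struct whose invlpg hook is only populated when guest paging is enabled, with an unguarded dispatch beside the guarded form. All type and function names (model_mmu, invpcid_gva_guarded, model_set_paging, and so on) are hypothetical; the root_hpa field name is used only because this cover letter mentions it as the name in the older kernels being targeted.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model of a KVM-style MMU with an optional shadow-paging hook.
 * These are hypothetical definitions for illustration, not KVM's real ones.
 */
typedef uint64_t hpa_t;
typedef uint64_t gva_t;

struct vcpu;

struct model_mmu {
	/* Shadow-paging hook; left NULL while the guest runs with CR0.PG=0 */
	void (*invlpg)(struct vcpu *vcpu, gva_t gva, hpa_t root);
	hpa_t root_hpa;    /* field name as in the older kernels this backport targets */
};

struct vcpu {
	struct model_mmu mmu;
	int invlpg_calls;  /* constructed counter so callers can observe dispatch */
};

static void model_invlpg(struct vcpu *vcpu, gva_t gva, hpa_t root)
{
	(void)gva;
	(void)root;
	vcpu->invlpg_calls++;
}

/*
 * Unguarded dispatch: the pattern the CVE text describes. With
 * mmu.invlpg == NULL this calls through a NULL function pointer.
 * Kept only for side-by-side comparison; never call it with the hook unset.
 */
static bool invpcid_gva_unguarded(struct vcpu *vcpu, gva_t gva)
{
	vcpu->mmu.invlpg(vcpu, gva, vcpu->mmu.root_hpa);
	return true;  /* a TLB flush is still required after INVPCID */
}

/*
 * Guarded dispatch: test the optional hook before calling through it.
 * The flush requirement does not depend on whether a hook exists.
 */
static bool invpcid_gva_guarded(struct vcpu *vcpu, gva_t gva)
{
	if (vcpu->mmu.invlpg)
		vcpu->mmu.invlpg(vcpu, gva, vcpu->mmu.root_hpa);
	return true;
}

/* Configure the model for paging enabled (hook set) or disabled (hook NULL). */
static void model_set_paging(struct vcpu *vcpu, bool cr0_pg)
{
	vcpu->mmu.invlpg = cr0_pg ? model_invlpg : NULL;
	vcpu->invlpg_calls = 0;
}

/* Run the guarded path once and report how many times the hook fired. */
static int guarded_calls_with_paging(bool cr0_pg)
{
	struct vcpu v = { .mmu = { .invlpg = NULL, .root_hpa = 0x1000 },
			  .invlpg_calls = 0 };

	model_set_paging(&v, cr0_pg);
	invpcid_gva_guarded(&v, 0xfeed0000);
	return v.invlpg_calls;
}

int main(void)
{
	printf("CR0.PG=1: invlpg calls = %d\n", guarded_calls_with_paging(true));
	printf("CR0.PG=0: invlpg calls = %d (no crash)\n",
	       guarded_calls_with_paging(false));
	return 0;
}
```

The guarded form is the shape a reviewer would look for at every call through a per-vCPU MMU hook that is only installed in some paging modes; the unguarded form is retained so the two can be compared line by line.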

[Other Info]

* mmu->root_hpa was moved to mmu->root.hpa in 5.18-rc1 
(commit b9e5603c2a3accbadfec570ac501a54431a6bdba) and the fix was done
according to that change. While backporting, we had to modify the patch
to use mmu->root_hpa. This might cause merge conflicts in the future.

* Target file resides in arch/x86/kvm instead of arch/x86/kvm/mmu in
older kernels.

Paolo Bonzini (1):
  KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID

 arch/x86/kvm/mmu/mmu.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

