ACK: [SRU][F/I/J/OEM-5.14/OEM-5.17][PATCH 0/1] CVE-2022-1789

Luke Nowakowski-Krijger luke.nowakowskikrijger at canonical.com
Thu Jun 9 14:36:33 UTC 2022


Acked-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger at canonical.com>

On Thu, Jun 2, 2022 at 8:06 AM Cengiz Can <cengiz.can at canonical.com> wrote:

> [Impact]
>
>  From https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789
>
> With shadow paging enabled, the INVPCID instruction results in a call
> to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the
> invlpg callback is not set and the result is a NULL pointer dereference.
>
> [Other Info]
>
> * mmu->root_hpa was moved to mmu->root.hpa in 5.18-rc1
> (commit b9e5603c2a3accbadfec570ac501a54431a6bdba) and the fix was done
> according to that change. While backporting, we had to modify the patch
> to use mmu->root_hpa. This might cause merge conflicts in the future.
>
> * Target file resides in arch/x86/kvm instead of arch/x86/kvm/mmu in
> older kernels.
>
> Paolo Bonzini (1):
>   KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
>
>  arch/x86/kvm/mmu/mmu.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> --
> 2.34.1