APPLIED: [SRU][F/I/J][PATCH 0/1] CVE-2022-1789
stefan.bader at canonical.com
Tue Jun 21 15:23:36 UTC 2022
On 02.06.22 17:05, Cengiz Can wrote:
> From https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789
> With shadow paging enabled, the INVPCID instruction results in a call
> to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the
> invlpg callback is not set and the result is a NULL pointer dereference.
> [Other Info]
> * mmu->root_hpa was moved to mmu->root.hpa in 5.18-rc1
> (commit b9e5603c2a3accbadfec570ac501a54431a6bdba) and the fix was done
> according to that change. While backporting, we had to modify the patch
> to use mmu->root_hpa. This might cause merge conflicts in the future.
> * Target file resides in arch/x86/kvm instead of arch/x86/kvm/mmu in
> older kernels.
> Paolo Bonzini (1):
> KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
> arch/x86/kvm/mmu/mmu.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
Applied to jammy,impish,focal:linux/master-next. Thanks.
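The failure mode in the description above, as an added C model that is not the patch or KVM's own code: the `kvm_mmu` struct, `init_shadow_mmu` and the call counter are assumptions made for this demo, showing why an indirect call through an optional callback needs a NULL check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Constructed model of CVE-2022-1789 (added example, not KVM code): names
 * loosely follow KVM, but struct, init and counter are demo assumptions. */
typedef uint64_t gva_t;
typedef uint64_t hpa_t;

struct kvm_mmu {
    void (*invlpg)(gva_t gva, hpa_t root); /* unset while guest CR0.PG == 0 */
    hpa_t root_hpa;                        /* mmu->root_hpa in older kernels */
};

static int invlpg_calls; /* constructed counter so the test can observe calls */

static void shadow_invlpg(gva_t gva, hpa_t root)
{
    (void)gva; (void)root;
    invlpg_calls++;
}

/* Shadow paging installs invlpg only once the guest enables paging. */
static void init_shadow_mmu(struct kvm_mmu *mmu, bool cr0_pg)
{
    mmu->invlpg = cr0_pg ? shadow_invlpg : NULL;
    mmu->root_hpa = cr0_pg ? (hpa_t)0x1000 : 0;
}

/* Unpatched shape: unconditional indirect call, NULL deref when PG=0. */
static void invpcid_gva_vulnerable(struct kvm_mmu *mmu, gva_t gva)
{
    mmu->invlpg(gva, mmu->root_hpa);
}

/* Patched shape: test the callback first; returns whether it actually ran. */
static bool invpcid_gva_fixed(struct kvm_mmu *mmu, gva_t gva)
{
    if (!mmu->invlpg)
        return false;
    mmu->invlpg(gva, mmu->root_hpa);
    return true;
}

/* Drives both handlers; the vulnerable one only with paging on (else it faults). */
static bool demo(void)
{
    struct kvm_mmu mmu;
    invlpg_calls = 0;
    init_shadow_mmu(&mmu, false);                 /* guest has CR0.PG=0 */
    if (invpcid_gva_fixed(&mmu, 0x7000) || invlpg_calls != 0)
        return false;
    init_shadow_mmu(&mmu, true);                  /* guest enabled paging */
    invpcid_gva_vulnerable(&mmu, 0x7000);
    return invpcid_gva_fixed(&mmu, 0x7000) && invlpg_calls == 2;
}
```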