[SRU][OEM-6.1/L/M][PATCH 0/1] CVE-2023-5090

Yuxuan Luo yuxuan.luo at canonical.com
Wed Oct 25 20:08:26 UTC 2023


[Impact]
Assuming that the guest's apic was in x2apic mode, resetting its apic
will bring it back to the xapic mode. In this case, an erroneous check
statement prevents an interception function from doing anything,
exposing the bare metal environment to the guest, leading to denial of
service.

[Backport]
For Mantic it is a clean cherry pick.
For Lunar and Jammy-OEM-6.1, there is a refactoring commit f628a34a9d52
("KVM: SVM: Replace "avic_mode" enum with "x2avic_enabled" boolean")
causing a conflict. Ignoring this refactoring and manually removing the
erroneous check statement does the work.

[Test]
Compile and boot tested.

[Potential Regression]
Expect low regression potential, limited to AMD users.

Maxim Levitsky (1):
  x86: KVM: SVM: always update the x2avic msr interception

 arch/x86/kvm/svm/svm.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

-- 
2.34.1



