CVE-2022-48727

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 20/06/2024
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Avoid consuming a stale esr value when SError occur

When any exception other than an IRQ occurs, the CPU updates the ESR_EL2 register with the exception syndrome. An SError may also become pending, and will be synchronised by KVM. KVM notes the exception type, and whether an SError was synchronised in exit_code.

When an exception other than an IRQ occurs, fixup_guest_exit() updates vcpu->arch.fault.esr_el2 from the hardware register. When an SError was synchronised, the vcpu esr value is used to determine if the exception was due to an HVC. If so, ELR_EL2 is moved back one instruction. This is so that KVM can process the SError first, and re-execute the HVC if the guest survives the SError.

But if an IRQ synchronises an SError, the vcpu's esr value is stale. If the previous non-IRQ exception was an HVC, KVM will corrupt ELR_EL2, causing an unrelated guest instruction to be executed twice.

Check ARM_EXCEPTION_CODE() before messing with ELR_EL2, IRQs don't update this register so don't need to check.
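As an added illustration (not kernel code and not part of the advisory), the following C model replays the sequence the description walks through: an HVC trap followed by an IRQ exit that synchronises an SError. The macro values are taken from the arm64 kernel headers; the `model_vcpu` struct, the two `fixup_exit_*` functions, `replay()` and the register values are constructed for the demonstration.

```c
/* Model of the KVM arm64 exit fixup around CVE-2022-48727 (not kernel code).
 * Macro values follow the arch/arm64 headers; the vcpu struct is a toy. */
#include <stdint.h>

#define ARM_EXIT_WITH_SERROR_BIT 31
#define ARM_EXCEPTION_CODE(x)    ((x) & ~(1U << ARM_EXIT_WITH_SERROR_BIT))
#define ARM_SERROR_PENDING(x)    (!!((x) & (1U << ARM_EXIT_WITH_SERROR_BIT)))
#define ARM_EXCEPTION_IRQ        0
#define ARM_EXCEPTION_TRAP       2
#define ESR_ELx_EC_SHIFT         26
#define ESR_ELx_EC_HVC64         0x16

struct model_vcpu {
    uint64_t hw_esr_el2;  /* ESR_EL2 as left by the CPU (an IRQ does not write it) */
    uint64_t hw_elr_el2;  /* ELR_EL2: guest resume address */
    uint64_t cached_esr;  /* vcpu->arch.fault.esr_el2, refreshed on non-IRQ exits only */
};

static int esr_class(uint64_t esr) { return (esr >> ESR_ELx_EC_SHIFT) & 0x3f; }

/* Before the fix: rewinds ELR whenever an SError is pending and the cached
 * (possibly stale) esr says HVC, even on an IRQ exit. */
static void fixup_exit_vulnerable(struct model_vcpu *v, uint32_t exit_code)
{
    if (ARM_EXCEPTION_CODE(exit_code) != ARM_EXCEPTION_IRQ)
        v->cached_esr = v->hw_esr_el2;
    if (ARM_SERROR_PENDING(exit_code) && esr_class(v->cached_esr) == ESR_ELx_EC_HVC64)
        v->hw_elr_el2 -= 4;
}

/* After the fix: check ARM_EXCEPTION_CODE() first; an IRQ exit never rewinds. */
static void fixup_exit_fixed(struct model_vcpu *v, uint32_t exit_code)
{
    if (ARM_EXCEPTION_CODE(exit_code) != ARM_EXCEPTION_IRQ)
        v->cached_esr = v->hw_esr_el2;
    if (ARM_SERROR_PENDING(exit_code) && ARM_EXCEPTION_CODE(exit_code) != ARM_EXCEPTION_IRQ &&
        esr_class(v->cached_esr) == ESR_ELx_EC_HVC64)
        v->hw_elr_el2 -= 4;
}

/* Replay the advisory's sequence with constructed register values: an HVC trap,
 * then an IRQ exit that synchronises an SError. Returns the guest resume PC. */
static uint64_t replay(void (*fixup)(struct model_vcpu *, uint32_t))
{
    struct model_vcpu v = { 0 };
    v.hw_esr_el2 = (uint64_t)ESR_ELx_EC_HVC64 << ESR_ELx_EC_SHIFT;
    v.hw_elr_el2 = 0x1004;                  /* ELR already points past the HVC */
    fixup(&v, ARM_EXCEPTION_TRAP);          /* no SError: nothing is rewound */
    v.hw_elr_el2 = 0x2000;                  /* guest ran on, then an IRQ fires */
    fixup(&v, ARM_EXCEPTION_IRQ | (1U << ARM_EXIT_WITH_SERROR_BIT));
    return v.hw_elr_el2;                    /* stale esr: 0x1ffc; fixed: 0x2000 */
}
```

The vulnerable path resumes the guest four bytes early at an instruction unrelated to any HVC, which is the double execution the description refers to; the fixed path leaves ELR_EL2 untouched on the IRQ exit.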

Vulnerable products and versions

CPE                                               From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*      5.11 (including)   5.15.22 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*      5.16 (including)   5.16.8 (excluding)
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*