CVE-2022-49886

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
02/05/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/tdx: Panic on bad configs that #VE on "private" memory access

All normal kernel memory is "TDX private memory". This includes everything from kernel stacks to kernel text. Handling exceptions on arbitrary accesses to kernel memory is essentially impossible because they can happen in horribly nasty places like kernel entry/exit. But, TDX hardware can theoretically _deliver_ a virtualization exception (#VE) on any access to private memory.

But, it's not as bad as it sounds. TDX can be configured to never deliver these exceptions on private memory with a "TD attribute" called ATTR_SEPT_VE_DISABLE. The guest has no way to *set* this attribute, but it can check it.

Ensure ATTR_SEPT_VE_DISABLE is set in early boot. panic() if it is unset. There is no sane way for Linux to run with this attribute clear so a panic() is appropriate.

There's a small window during boot before the check where the kernel has an early #VE handler. But the handler is only for port I/O and will also panic() as soon as it sees any other #VE, such as one generated by a private memory access.

[ dhansen: Rewrite changelog and rebase on new tdx_parse_tdinfo(). Add Kirill's tested-by because I made changes since he wrote this. ]
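The two checks the commit message describes, modelled as an added example (this is not the kernel's code and not part of the advisory): the early-boot test of the TD attributes word returned by TDG.VP.INFO, and an early #VE handler that services port I/O only and treats any other #VE as fatal. Assumptions: ATTR_SEPT_VE_DISABLE is bit 28 of the attributes word as defined in the TDX module ABI; the #VE exit reason reuses the VMX basic exit reason encoding (30 for I/O instructions, 48 for an EPT violation, which is how a private-memory #VE is reported); the TDCALL is replaced by a parameter so the code runs outside a TD; all remaining identifiers (tdx_check_td_attributes, tdx_early_handle_ve, tdx_early_boot_sim, the enum values) are this example's own, and panic() is modelled as a returned error code.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * TD attributes word as returned in RDX by TDG.VP.INFO (TDCALL leaf 1).
 * Bit 28 is SEPT_VE_DISABLE in the TDX module ABI (assumption stated in
 * the lead-in). The constant name mirrors the commit message; every other
 * identifier below is this example's own.
 */
#define ATTR_SEPT_VE_DISABLE  (1ULL << 28)

/* VMX basic exit reasons, reused by TDX as the #VE exit reason. */
#define EXIT_REASON_IO_INSTRUCTION  30
#define EXIT_REASON_EPT_VIOLATION   48   /* how a private-memory #VE shows up */

/* Result codes standing in for "continue booting" versus panic(). */
enum tdx_result {
    TDX_OK = 0,
    TDX_PANIC_BAD_ATTR = 1,      /* SEPT_VE_DISABLE clear at boot */
    TDX_PANIC_UNEXPECTED_VE = 2  /* early #VE handler saw a non-port-I/O #VE */
};

/* Early-boot check on the TDG.VP.INFO attributes: refuse to run if clear. */
enum tdx_result tdx_check_td_attributes(uint64_t td_attr)
{
    if (!(td_attr & ATTR_SEPT_VE_DISABLE))
        return TDX_PANIC_BAD_ATTR;
    return TDX_OK;
}

/*
 * Model of the early #VE handler described in the commit: it knows how to
 * service port I/O only. Anything else, including an EPT violation raised
 * by a private-memory access, is fatal because there is no safe way to
 * handle it at arbitrary points in kernel entry/exit.
 */
enum tdx_result tdx_early_handle_ve(uint32_t exit_reason)
{
    switch (exit_reason) {
    case EXIT_REASON_IO_INSTRUCTION:
        /* A real handler would emulate IN/OUT through TDG.VP.VMCALL here. */
        return TDX_OK;
    default:
        return TDX_PANIC_UNEXPECTED_VE;
    }
}

/* Constructed boot sequence: the attributes word is a parameter, not a TDCALL. */
enum tdx_result tdx_early_boot_sim(uint64_t simulated_rdx)
{
    enum tdx_result rc = tdx_check_td_attributes(simulated_rdx);

    if (rc != TDX_OK)
        fprintf(stderr, "TD misconfiguration: SEPT_VE_DISABLE attribute must be set.\n");
    return rc;
}

int main(void)
{
    /* Constructed attribute words; only bit 28 matters for this check. */
    uint64_t good = ATTR_SEPT_VE_DISABLE | (1ULL << 4);
    uint64_t bad  = (1ULL << 4);

    printf("good config: %d\n", tdx_early_boot_sim(good));
    printf("bad config:  %d\n", tdx_early_boot_sim(bad));
    printf("early #VE, port I/O:     %d\n",
           tdx_early_handle_ve(EXIT_REASON_IO_INSTRUCTION));
    printf("early #VE, private mem:  %d\n",
           tdx_early_handle_ve(EXIT_REASON_EPT_VIOLATION));
    return 0;
}
```

The attribute check is a read-only test of guest-visible state: the guest cannot set the bit itself, so the only safe responses are to proceed when it is set or to stop early when it is not, before the kernel starts touching private memory from contexts where a #VE cannot be handled.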

Impact