CVE-2022-49886
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
02/05/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

x86/tdx: Panic on bad configs that #VE on "private" memory access

All normal kernel memory is "TDX private memory". This includes
everything from kernel stacks to kernel text. Handling
exceptions on arbitrary accesses to kernel memory is essentially
impossible because they can happen in horribly nasty places like
kernel entry/exit. But, TDX hardware can theoretically _deliver_
a virtualization exception (#VE) on any access to private memory.

But, it's not as bad as it sounds. TDX can be configured to never
deliver these exceptions on private memory with a "TD attribute"
called ATTR_SEPT_VE_DISABLE. The guest has no way to *set* this
attribute, but it can check it.

Ensure ATTR_SEPT_VE_DISABLE is set in early boot. panic() if it
is unset. There is no sane way for Linux to run with this
attribute clear, so a panic() is appropriate.

There's a small window during boot before the check where the kernel
has an early #VE handler. But the handler is only for port I/O
and will also panic() as soon as it sees any other #VE, such as
one generated by a private memory access.

[ dhansen: Rewrite changelog and rebase on new tdx_parse_tdinfo().
Add Kirill's tested-by because I made changes since
he wrote this. ]
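The check the fix describes, as an added user-space model (not the kernel's tdx_parse_tdinfo() and not code from this record): it consumes the two output registers the guest reads back from the TD-info call, derives the GPA width and the shared-bit mask, and refuses the configuration when ATTR_SEPT_VE_DISABLE is clear, returning an error where the real kernel would panic(). The bit position (bit 28 of the TD ATTRIBUTES field), the placement of the GPA width in the low 6 bits of RCX, the struct and function names, and the sample register values are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* TD ATTRIBUTES bit meaning "never deliver #VE on private memory".
 * Assumed to be bit 28, as in the TDX module attribute layout. */
#define ATTR_SEPT_VE_DISABLE (1ULL << 28)

/* Model of the TD-info output registers the guest consumes
 * (constructed for this example; layout assumed). */
struct tdinfo_out {
    uint64_t rcx; /* bits 5:0 carry the GPA width */
    uint64_t rdx; /* TD ATTRIBUTES */
};

/* What early boot needs to learn from the info block. */
struct td_config {
    unsigned int gpa_width;
    uint64_t cc_mask;       /* shared/private bit: BIT(gpa_width - 1) */
    uint64_t attributes;
    int sept_ve_disabled;   /* 1 when ATTR_SEPT_VE_DISABLE is set */
};

/* Parse the info block and validate it. Returns 0 for a configuration
 * the guest can run on, -1 where the kernel would panic() instead. */
int parse_tdinfo(const struct tdinfo_out *out, struct td_config *cfg)
{
    cfg->gpa_width = (unsigned int)(out->rcx & 0x3f);
    /* A zero or oversized width cannot yield a valid shared-bit mask. */
    if (cfg->gpa_width == 0 || cfg->gpa_width > 64)
        return -1;
    cfg->cc_mask = 1ULL << (cfg->gpa_width - 1);

    cfg->attributes = out->rdx;
    cfg->sept_ve_disabled = (out->rdx & ATTR_SEPT_VE_DISABLE) != 0;

    /* The guest cannot set the attribute itself, so an unset attribute
     * is a host/VMM misconfiguration the guest must refuse to run on. */
    if (!cfg->sept_ve_disabled)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample values: a 52-bit GPA width with and without
     * SEPT_VE_DISABLE set. */
    struct tdinfo_out good = { 52, ATTR_SEPT_VE_DISABLE };
    struct tdinfo_out bad  = { 52, 0 };
    struct td_config cfg;

    printf("good config: %s\n",
           parse_tdinfo(&good, &cfg) == 0 ? "accepted" : "would panic");
    printf("  gpa_width=%u cc_mask=0x%llx\n",
           cfg.gpa_width, (unsigned long long)cfg.cc_mask);
    printf("bad config:  %s\n",
           parse_tdinfo(&bad, &cfg) == 0 ? "accepted" : "would panic");
    return 0;
}
```

Returning an error instead of calling panic() keeps the model testable; in the kernel the only sane response at this point in boot is to stop, exactly as the changelog says.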