CVE-2022-49932

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace<br /> <br /> Call kvm_init() only after _all_ setup is complete, as kvm_init() exposes<br /> /dev/kvm to userspace and thus allows userspace to create VMs (and call<br /> other ioctls). E.g. KVM will encounter a NULL pointer when attempting to<br /> add a vCPU to the per-CPU loaded_vmcss_on_cpu list if userspace is able to<br /> create a VM before vmx_init() configures said list.<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000008<br /> #PF: supervisor write access in kernel mode<br /> #PF: error_code(0x0002) - not-present page<br /> PGD 0 P4D 0<br /> Oops: 0002 [#1] SMP<br /> CPU: 6 PID: 1143 Comm: stable Not tainted 6.0.0-rc7+ #988<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015<br /> RIP: 0010:vmx_vcpu_load_vmcs+0x68/0x230 [kvm_intel]<br /> <br /> vmx_vcpu_load+0x16/0x60 [kvm_intel]<br /> kvm_arch_vcpu_load+0x32/0x1f0 [kvm]<br /> vcpu_load+0x2f/0x40 [kvm]<br /> kvm_arch_vcpu_create+0x231/0x310 [kvm]<br /> kvm_vm_ioctl+0x79f/0xe10 [kvm]<br /> ? handle_mm_fault+0xb1/0x220<br /> __x64_sys_ioctl+0x80/0xb0<br /> do_syscall_64+0x2b/0x50<br /> entry_SYSCALL_64_after_hwframe+0x46/0xb0<br /> RIP: 0033:0x7f5a6b05743b<br /> <br /> Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel(+) kvm irqbypass