Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's KVM component for the x86 architecture has been addressed. The issue involved incorrect handling of the guest Page Table Entry (PTE) Accessed/Dirty (A/D) bits. Previously, the PTE was mapped into the kernel address space to update these bits, which was conceptually flawed. This approach worked for the original scenario of backing guest memory with /dev/mem, but resulted in accessing arbitrary physical frame numbers in most other VM_PFNMAP cases. The vulnerability has been resolved by using the newly introduced __try_cmpxchg_user() function to update the guest PTE A/D bits instead of mapping the PTE into the kernel address space.
Exploitation of this vulnerability could lead to incorrect management of guest memory PTEs, potentially allowing for unintended access to physical memory pages.