Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's KVM component affects the handling of the NX (No Execute) bit when using Nested Page Tables (NPT). KVM has required NX support for AMD's Secure Virtual Machine (SVM) since a specific commit, but it appears that NPT was not properly tested with the NX huge page mitigation enabled. As a result, a reserved bit in the Shadow Page Table Entry (SPTE) was incorrectly set, triggering a warning. This issue could potentially be exploited under certain conditions, such as when the NX huge page mitigation is active.
The vulnerability could lead to incorrect handling of page table entries, potentially allowing unauthorized code execution or memory manipulation.
To reproduce this vulnerability, enable the NX huge page mitigation in a KVM environment with AMD SVM support. Then, create a virtual machine that uses Nested Page Tables. The vulnerability will manifest as a warning about reserved bits being improperly set in the Shadow Page Table Entry, indicating that the NX bit was not handled correctly.
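A host-side check for the configuration described above, added here as an example and not taken from the kernel or from this advisory: it reads the `kvm_amd` `npt` and `kvm` `nx_huge_pages` module parameters from sysfs. The optional `ROOT` argument and the result labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether this host runs KVM on AMD SVM with NPT and the
# NX huge page mitigation both enabled. It reports configuration only; whether
# the running kernel carries the fix must be checked against the vendor advisory.

# Normalise a module parameter file to on/off/unknown.
# KVM parameters print Y/N (bool) or 1/0 (int) depending on kernel version;
# nx_huge_pages can also print "never".
param_state() {
    file=$1
    [ -r "$file" ] || { echo unknown; return; }
    case $(tr -d '[:space:]' < "$file") in
        Y|y|1) echo on ;;
        N|n|0|never) echo off ;;
        *) echo unknown ;;
    esac
}

# ROOT (assumption of this example) lets the check run against a copied sysfs
# tree; left empty, it reads the live /sys.
kvm_npt_nx_state() {
    root=${1:-}
    mod="$root/sys/module"
    # Without kvm_amd loaded, the SVM/NPT path is not in use on this host.
    [ -d "$mod/kvm_amd" ] || { echo "not-applicable"; return; }
    npt=$(param_state "$mod/kvm_amd/parameters/npt")
    nx=$(param_state "$mod/kvm/parameters/nx_huge_pages")
    if [ "$npt" = off ] || [ "$nx" = off ]; then
        echo "not-matching"
    elif [ "$npt" = on ] && [ "$nx" = on ]; then
        echo "matching"
    else
        echo "unknown"
    fi
}

echo "KVM NPT + NX huge page mitigation: $(kvm_npt_nx_state)"
```

A result of `matching` means the host should be prioritised for the kernel update; `unknown` means a parameter file was missing or held an unexpected value and needs a manual look.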