Linux Kernel KVM Interrupt Injection Vulnerability in AMD SVM

Vulnerability

A vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) module for AMD processors (SVM) has been identified. KVM's SVM interrupt-injection path asserts with a BUG_ON() that the vCPU's GIF (Global Interrupt Flag) is set. That assertion holds for interrupts KVM itself decides to deliver, because KVM checks GIF before doing so, but not for interrupts that host userspace asks KVM to inject through the KVM_SET_VCPU_EVENTS ioctl, which are handed to the injection path without that check. A VMM process with access to the vCPU can therefore trip the assertion, and with it a host kernel crash, by injecting an interrupt while the vCPU's GIF is clear. The vulnerability was introduced in version 5.17.0-rc3 and has been resolved in subsequent releases.

Impact

Exploitation of this vulnerability hits a BUG() in the host kernel. At minimum the host process that issued the ioctl is killed with the kernel possibly left holding locks it will never release; with panic_on_oops set, the whole host panics and every guest on it goes down. The trigger is an ioctl on a vCPU file descriptor, so the attacker is a host process that already runs virtual machines (a malicious or compromised VMM, or a buggy one restoring migrated state), not an unprivileged guest on its own. The result is a denial of service against the host.

Reproduction

The vulnerability can be reproduced by injecting an interrupt into a vCPU with the KVM_SET_VCPU_EVENTS ioctl while that vCPU's GIF is clear. KVM_SET_VCPU_EVENTS does not itself control GIF (struct kvm_vcpu_events has no GIF field); it only records the interrupt to deliver, via interrupt.injected and interrupt.nr. GIF is clear when the guest has executed CLGI, which requires nested SVM to be enabled for the guest, or when userspace has restored nested state without the KVM_STATE_NESTED_GIF_SET flag through KVM_SET_NESTED_STATE. On the next KVM_RUN, KVM re-injects the recorded interrupt ahead of its usual interrupt-allowed checks, reaches the BUG_ON() that expects GIF to be set, and crashes.
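As an added example (not code from the page, from the kernel or from any VMM project), below is the VMM-side guard a practitioner running hosts that are not yet patched would want: it reads the vCPU's GIF through KVM_GET_NESTED_STATE and refuses to issue KVM_SET_VCPU_EVENTS when the request would inject an interrupt while GIF is clear. It assumes a Linux host with the KVM UAPI headers installed; the function names and the vector 0x20 are illustrative choices. The main function only exercises the ioctl-free decision logic on constructed state, so it is safe to build and run anywhere; the two ioctl helpers are what a VMM would call with its real /dev/kvm and vCPU descriptors.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <linux/kvm.h>

/*
 * Pure decision logic, kept free of ioctls so it can be tested offline.
 * Returns 1 if handing `ev` to KVM_SET_VCPU_EVENTS cannot reach the GIF
 * assertion, 0 if it would inject an interrupt into a vCPU whose GIF is 0.
 * Only the interrupt injection field is examined, since that is the path
 * the advisory concerns.
 */
int events_safe_with_gif(const struct kvm_vcpu_events *ev, bool gif_set)
{
	if (!ev->interrupt.injected)
		return 1;
	return gif_set ? 1 : 0;
}

/* Events payload a VMM uses to (re)inject external interrupt `vector`. */
struct kvm_vcpu_events make_irq_injection(uint8_t vector)
{
	struct kvm_vcpu_events ev;

	memset(&ev, 0, sizeof(ev));
	ev.interrupt.injected = 1;      /* deliver on the next KVM_RUN */
	ev.interrupt.nr = vector;
	ev.interrupt.soft = 0;          /* external interrupt, not INTn */
	return ev;
}

/*
 * Query the vCPU's GIF through KVM_GET_NESTED_STATE. Returns 1 (GIF set),
 * 0 (GIF clear) or a negative errno. `kvm_fd` is the /dev/kvm handle; the
 * nested-state buffer size is obtained from KVM_CAP_NESTED_STATE.
 */
int vcpu_gif_is_set(int kvm_fd, int vcpu_fd)
{
	struct kvm_nested_state *st;
	int max, rc;

	max = ioctl(kvm_fd, KVM_CHECK_EXTENSION, KVM_CAP_NESTED_STATE);
	if (max < 0)
		return -errno;
	if (max == 0)
		return 1;   /* nested virtualization off: KVM never clears GIF */
	if ((size_t)max < sizeof(*st))
		max = (int)sizeof(*st);

	st = calloc(1, (size_t)max);
	if (!st)
		return -ENOMEM;
	st->size = (uint32_t)max;       /* tells KVM how much it may write */
	rc = ioctl(vcpu_fd, KVM_GET_NESTED_STATE, st);
	if (rc < 0)
		rc = -errno;
	else
		rc = !!(st->flags & KVM_STATE_NESTED_GIF_SET);
	free(st);
	return rc;
}

/*
 * Guarded replacement for a bare KVM_SET_VCPU_EVENTS: returns -EBUSY
 * instead of letting an unpatched host reach the BUG_ON(). The caller
 * decides whether to defer the injection or drop it.
 */
int vcpu_set_events_guarded(int kvm_fd, int vcpu_fd,
			    const struct kvm_vcpu_events *ev)
{
	int gif = vcpu_gif_is_set(kvm_fd, vcpu_fd);

	if (gif < 0)
		return gif;
	if (!events_safe_with_gif(ev, gif == 1))
		return -EBUSY;
	if (ioctl(vcpu_fd, KVM_SET_VCPU_EVENTS, ev) < 0)
		return -errno;
	return 0;
}

int main(void)
{
	/* Offline demonstration on constructed state; no VM is created. */
	struct kvm_vcpu_events irq = make_irq_injection(0x20);
	struct kvm_vcpu_events none;

	memset(&none, 0, sizeof(none));
	printf("vector 0x20, GIF=1: %s\n",
	       events_safe_with_gif(&irq, true) ? "inject" : "refuse");
	printf("vector 0x20, GIF=0: %s\n",
	       events_safe_with_gif(&irq, false) ? "inject" : "refuse");
	printf("no interrupt, GIF=0: %s\n",
	       events_safe_with_gif(&none, false) ? "inject" : "refuse");
	return 0;
}
```

The guard belongs wherever a VMM restores vCPU events from saved or migrated state, which is the one place well-behaved VMMs call KVM_SET_VCPU_EVENTS with interrupt.injected set. On a patched host the check is harmless; on an unpatched host it turns a host crash into an error return the VMM can log.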

Remediation

Users should upgrade to a stable Linux kernel release that contains the fix. Where a host cannot be upgraded immediately, the trigger can be avoided on the VMM side: do not issue KVM_SET_VCPU_EVENTS with interrupt.injected set on a vCPU whose GIF is clear, which in practice means checking GIF (available through KVM_GET_NESTED_STATE) before restoring events on migration or snapshot restore. When sandboxing VMMs, treat access to /dev/kvm as a capability that allows a host denial of service until the host is patched.

Added: Jun 18, 2025, 12:58 PM
Updated: Jun 18, 2025, 12:58 PM

Vulnerability Rating

Custom Algorithm

  spread          9.0
  impact          2.5
  exploitability  3.9
  remediation     0.0
  relevance       0.2
  threat          4.8
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.