Linux Kernel vhost_vdpa Large Memory Unmap Crash Vulnerability

Vulnerability

A crash vulnerability has been identified in the Linux kernel's vhost_vdpa component, tracked within the stable group. The issue arises when a guest unmaps a large amount of memory, which leads to a kernel crash. The problem was observed during testing with vIOMMU. The crash surfaces as an invalid opcode error (the way a kernel BUG() assertion reports on x86, so it shows up in dmesg as "invalid opcode") after the kernel attempts to process the unmap operation for the large memory range. The vulnerability affects Linux kernel versions prior to 6.0.0.

Impact

The vulnerability causes a kernel crash, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced with QEMU by emulating a guest that unmaps a large amount of memory while the host runs a vulnerable version of the Linux kernel. Configure the virtual machine to use vIOMMU, then perform operations that trigger the unmap of large memory regions.

Remediation

Users can upgrade to Linux kernel version 6.0.0 or later, where this vulnerability has been addressed.
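As an added host-side check (not part of this advisory), the following script decides from the running kernel release and /proc/modules whether a host falls in the affected range; the only page-supplied fact is the 6.0.0 fix version, and the /proc/modules sample below is constructed. Distribution kernels that backport the fix will still show as affected here, so treat the result as a first pass, not a verdict.

```python
import os
import re
from pathlib import Path

FIXED_VERSION = (6, 0, 0)  # advisory: fixed in 6.0.0 or later
MODULE = "vhost_vdpa"

# Constructed sample of /proc/modules content for offline use.
SAMPLE_PROC_MODULES = (
    "vhost_vdpa 24576 0 - Live 0x0000000000000000\n"
    "vhost 57344 1 vhost_vdpa, Live 0x0000000000000000\n"
)


def parse_kernel_version(release: str) -> tuple:
    """'5.19.0-41-generic' -> (5, 19, 0); suffixes such as -generic or .el9 are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def kernel_is_affected(release: str) -> bool:
    """True when the kernel predates 6.0.0. A 6.0.0-rcN pre-release is treated
    as before the 6.0.0 release, since the advisory gives no rc-level detail."""
    version = parse_kernel_version(release)
    if version == FIXED_VERSION and "-rc" in release:
        return True
    return version < FIXED_VERSION


def module_loaded(proc_modules: str, name: str = MODULE) -> bool:
    """Scan /proc/modules text; the module name is the first field of each line."""
    return any(line.split()[0] == name
               for line in proc_modules.splitlines() if line.strip())


def assess(release: str, proc_modules: str) -> str:
    """Summarise one host's exposure from its kernel release and module list."""
    if not kernel_is_affected(release):
        return "not affected: kernel %s is at or past 6.0.0" % release
    if module_loaded(proc_modules):
        return "affected: kernel %s with %s loaded, upgrade to 6.0.0 or later" % (release, MODULE)
    return "affected kernel %s, %s not loaded; upgrade before using vDPA" % (release, MODULE)


if __name__ == "__main__":
    # Live run on a Linux host: values are read from the system, not constructed.
    print(assess(os.uname().release, Path("/proc/modules").read_text()))
```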

Added: Dec 30, 2025, 5:15 PM
Updated: Dec 30, 2025, 5:15 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.