Linux Kernel Double-Buffering Vulnerability in SEV-Guest Component Allows Information Leakage and Message Integrity Tampering

Vulnerability

A vulnerability exists in the Linux kernel's SEV-guest component, where encryption algorithms improperly read from and write to shared unencrypted memory. This flaw could lead to information leakage and allow the host to interfere with message integrity. The issue arises because whole messages are not copied in or out as needed before processing, creating a risk of data exposure and manipulation.
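The receive-side half of this flaw, modelled in user-space C as an added example; it is not the kernel's code or the upstream patch. The `struct msg` layout, the `toy_tag` checksum (a stand-in for the driver's authenticated decryption), `host_write`, and the `demo` harness are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MSG_MAX 64
#define KEY 0x5eedu /* constructed demo key */

/* Hypothetical message layout for this sketch, not the driver's real struct. */
struct msg { uint32_t len; uint32_t tag; uint8_t payload[MSG_MAX]; };

/* Toy keyed checksum standing in for the AEAD tag check; not real cryptography. */
static uint32_t toy_tag(const uint8_t *p, uint32_t len) {
    uint32_t t = KEY;
    for (uint32_t i = 0; i < len; i++) t = t * 31u + p[i];
    return t;
}

/* Models a host write to the shared page while the guest is mid-processing. */
static void host_write(struct msg *shared) { shared->payload[0] ^= 0xff; }

/* In place: the tag is checked on shared memory, then the payload is fetched again. */
static int recv_in_place(struct msg *shared, uint8_t *out) {
    if (shared->len > MSG_MAX) return -1;
    if (toy_tag(shared->payload, shared->len) != shared->tag) return -1;
    host_write(shared);                        /* bytes change after the check */
    memcpy(out, shared->payload, shared->len); /* second fetch is unverified */
    return (int)shared->len;
}

/* Double-buffered: one copy into private memory, then all work on the copy. */
static int recv_copied(struct msg *shared, uint8_t *out) {
    struct msg priv;
    memcpy(&priv, shared, sizeof(priv));
    host_write(shared);                        /* cannot reach priv any more */
    if (priv.len > MSG_MAX) return -1;
    if (toy_tag(priv.payload, priv.len) != priv.tag) return -1;
    memcpy(out, priv.payload, priv.len);
    return (int)priv.len;
}

/* Delivers constructed message "ABCD"; returns first accepted byte, -1 if rejected. */
static int demo(int double_buffer) {
    struct msg shared = { .len = 4 };
    uint8_t out[MSG_MAX] = { 0 };
    memcpy(shared.payload, "ABCD", 4);
    shared.tag = toy_tag(shared.payload, shared.len);
    int n = double_buffer ? recv_copied(&shared, out) : recv_in_place(&shared, out);
    return n < 0 ? -1 : out[0];
}

int main(void) { printf("in place: 0x%02x, copied: 0x%02x\n", demo(0), demo(1)); return 0; }
```

The in-place path accepts a byte that was never covered by the integrity check, while the double-buffered path delivers the original byte because every check and read uses the private snapshot.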

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure and integrity violations of messages exchanged between the guest and host.

Reproduction

The vulnerability can be reproduced by using a virtual machine that employs AMD's Secure Encrypted Virtualization (SEV) feature, specifically with SEV-Guest. When the guest sends or receives messages through the SEV-Guest interface, the encryption process will inadvertently expose data by using shared unencrypted memory. This can be observed by monitoring the message exchange between the guest and host, where unencrypted information may be leaked or where the host could tamper with the message contents.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched kernel are available on the Linux Kernel Archives.

Added: Dec 8, 2025, 2:18 AM
Updated: Dec 8, 2025, 2:18 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 5.0
exploitability: 5.7
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.