Linux Kernel KVM for s390 Guest ASCE Index Value Correction Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's KVM module for s390 architecture, where the index value of the Address Space Control Element (ASCE) is not set correctly when the ASCE is replaced. This issue affects the stable versions of the Linux kernel. The incorrect index can lead to address mismappings during page table entry invalidations, potentially causing validity intercepts that crash the virtual machine if the unmapped prefix is notified with the wrong address.
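The following is an added example, not code from the Linux kernel or from this advisory: a simplified user-space C model of how a wrong index on the replacement ASCE shifts the address passed to invalidation notifiers, so a prefix notifier never sees its own address. All names (`table_page`, `notified_gaddr`, `replace_asce`, `prefix_notifier_hit`, `prefix_unmap_noticed`), the 1 MiB entry size, and the stale index and prefix values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define SEG_SIZE 0x100000UL /* address span of one top-level entry (model assumption) */

/* Metadata for a top-level table page; for an ASCE the index must be 0. */
struct table_page {
    unsigned long index; /* guest address that entry 0 of this table maps */
};

/* Guest address reported to notifiers when entry `slot` is invalidated. */
static unsigned long notified_gaddr(const struct table_page *pg, unsigned long slot)
{
    return pg->index + slot * SEG_SIZE;
}

/* Model of the replacement step: only the patched path resets the index. */
static void replace_asce(struct table_page *fresh, bool patched)
{
    if (patched)
        fresh->index = 0; /* the correction described in the advisory */
}

/* A prefix notifier reacts only if the reported range covers the prefix. */
static bool prefix_notifier_hit(unsigned long gaddr, unsigned long prefix)
{
    return prefix >= gaddr && prefix < gaddr + SEG_SIZE;
}

/* True if unmapping the entry that holds the prefix is noticed by the notifier. */
static bool prefix_unmap_noticed(bool patched, unsigned long stale_index,
                                 unsigned long prefix)
{
    struct table_page fresh = { .index = stale_index }; /* constructed stale value */
    replace_asce(&fresh, patched);
    return prefix_notifier_hit(notified_gaddr(&fresh, prefix / SEG_SIZE), prefix);
}

int main(void)
{
    const unsigned long stale = 0x40000000UL, prefix = 0x2000UL; /* constructed */
    printf("unpatched: prefix unmap noticed = %d\n", prefix_unmap_noticed(false, stale, prefix));
    printf("patched:   prefix unmap noticed = %d\n", prefix_unmap_noticed(true, stale, prefix));
    return 0;
}
```

In the model, the missed notification on the unpatched path stands in for the condition the advisory describes as ending in a validity intercept.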

Impact

This vulnerability can cause a virtual machine crash by triggering validity intercepts with incorrect address information, particularly after unmapping a prefix.

Reproduction

To reproduce this vulnerability, replace the ASCE in the KVM module for s390 guests without setting the index of the new ASCE to zero. This can be done by modifying the 's390_replace_asce' function in the 'gmap.c' file of the KVM module so that the ASCE index is not initialized correctly. Once the ASCE has been replaced with the wrong index, the vulnerability can be observed when the notifier is called with the incorrect address, which leads to a VM crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Dec 24, 2025, 3:43 PM
Updated: Dec 24, 2025, 3:43 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.