Linux Kernel KVM Hyper-V SEND_IPI Hypercall NULL Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) component for x86 architecture has been addressed. The issue arose from improperly handling Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls when the local APIC (Advanced Programmable Interrupt Controller) was emulated in userspace. This oversight could lead to a NULL-pointer dereference, causing a crash. The vulnerability has been resolved by ensuring that these hypercalls are only accepted when the local APIC is managed by the kernel, thus preventing the NULL-pointer dereference error.

Impact

Exploitation of this vulnerability could lead to a NULL-pointer dereference, causing a crash of the affected virtual machine.

Reproduction

The vulnerability can be reproduced by exposing Hyper-V enlightenments to a guest virtual machine while the local APIC is emulated in userspace. This can be done by configuring the virtual machine to use Hyper-V features without ensuring that the local APIC is properly virtualized by KVM.