Linux Kernel KVM FPSIMD/SVE/SME State Management Vulnerability

Vulnerability

A vulnerability in the Linux kernel's KVM component for arm64 architecture has been identified, related to the management of the host's FPSIMD, SVE, and SME states. The issue arises because the hypervisor code lazily saves these states, leading to several problems. For instance, the host SVE state can be unexpectedly lost due to inconsistent configurations, causing crashes in QEMU when SVE is used by certain functions. Additionally, the SVE state is discarded after being modified by ptrace, creating an unintentional change in the ptrace ABI. There are also cases where the host FPMR value is not properly saved when running non-protected VMs that use FPSIMD/SVE, leaving outdated values in memory. This vulnerability affects all stable versions of the Linux kernel.

Impact

The vulnerability can lead to improper management of the host's FPSIMD, SVE, and SME states, causing unexpected behavior in virtual machines, such as crashes or incorrect processing of data.

Remediation

Users can apply the latest patches available in the Linux kernel's stable branch to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.