Linux Kernel KVM CPU Rescheduling Vulnerability During Memory Attribute Management

Vulnerability

A vulnerability in the Linux kernel's KVM module can cause CPU soft lockups on the host when memory attributes are managed for SEV-SNP guests with over 1TB of memory. The issue arises in the 'kvm_vm_set_mem_attributes()' function, which can keep a CPU busy for extended periods without yielding, so that the kernel's watchdog reports the CPU as stuck. The problem has been observed in Linux kernel version 6.15.0-rc7 and is particularly pronounced when the virtual machine handles large memory operations without allowing the scheduler to intervene.

Impact

The vulnerability can significantly degrade host performance by causing CPU soft lockups, in which a processor becomes unresponsive for an extended period and normal task execution is disrupted.

Reproduction

To reproduce this vulnerability, run an SEV-SNP guest with more than 1TB of memory on a host running Linux kernel version 6.15.0-rc7.20250520.el9uek.rc1.x86_64. While the virtual machine is operating, the host will experience CPU soft lockups, particularly on the CPU handling the KVM operation.
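
A triage check for the symptom described above, as an added example that is not part of the original advisory: it scans kernel log text for soft-lockup watchdog reports and keeps those whose call trace contains kvm_vm_set_mem_attributes as a reliable frame. The sample log is constructed (timestamps, CPUs, PIDs and offsets are illustrative); only the function name comes from this page.

```python
import re

# Header line printed by the kernel's soft-lockup watchdog.
LOCKUP_RE = re.compile(
    r"watchdog: BUG: soft lockup - CPU#(?P<cpu>\d+) stuck for (?P<secs>\d+)s! "
    r"\[(?P<comm>[^\]]+):(?P<pid>\d+)\]"  # comm may itself contain ':' (kworker/3:1)
)
TARGET = "kvm_vm_set_mem_attributes"  # function named in the advisory

# Constructed sample log; every value below is illustrative.
SAMPLE_LOG = """\
[ 1001.100000] watchdog: BUG: soft lockup - CPU#8 stuck for 26s! [qemu-kvm:4242]
[ 1001.100010] Call Trace:
[ 1001.100020]  <TASK>
[ 1001.100030]  kvm_vm_set_mem_attributes+0x1c2/0x400 [kvm]
[ 1001.100040]  kvm_vm_ioctl+0x796/0xab0 [kvm]
[ 1001.100050]  </TASK>
[ 2050.500000] watchdog: BUG: soft lockup - CPU#3 stuck for 23s! [kworker/3:1:77]
[ 2050.500010] Call Trace:
[ 2050.500020]  <TASK>
[ 2050.500030]  ? kvm_vm_set_mem_attributes+0x1c2/0x400 [kvm]
[ 2050.500040]  some_other_function+0x10/0x20
[ 2050.500050]  </TASK>
"""

def find_kvm_lockups(log_text, target=TARGET):
    """Return soft-lockup reports whose trace has `target` as a reliable frame."""
    reports, current = [], None
    for line in log_text.splitlines():
        m = LOCKUP_RE.search(line)
        if m:
            current = {"cpu": int(m["cpu"]), "stuck_s": int(m["secs"]),
                       "comm": m["comm"], "pid": int(m["pid"]), "hit": False}
            reports.append(current)
        elif current is not None:
            if "</TASK>" in line:
                current = None  # end of this report's call trace
            # Frames prefixed with "? " are unreliable stack leftovers; skip them.
            elif re.search(rf"(?<!\? )\b{re.escape(target)}\+0x", line):
                current["hit"] = True
    return [r for r in reports if r["hit"]]

if __name__ == "__main__":
    for r in find_kvm_lockups(SAMPLE_LOG):
        print(f"CPU {r['cpu']} stuck {r['stuck_s']}s in {TARGET} ({r['comm']}, pid {r['pid']})")
```

On a live host, the same function can be fed saved kernel log text (for example, the captured output of `dmesg`) instead of the sample.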

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable Linux kernel to mitigate this issue.

Added: Aug 16, 2025, 11:32 AM
Updated: Aug 16, 2025, 11:32 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.8
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.