Linux Kernel SNP Cache Coherency Vulnerability Mitigated by Cache Line Eviction

Vulnerability

A vulnerability in the Linux kernel's handling of Secure Nested Paging (SNP) can lead to cache coherency issues. After a page's state is changed to private, its cache lines can become inconsistent, potentially leading to data leakage or corruption. The mitigation is to evict those cache lines when validating memory after the page state change, which is done by touching the first and last byte of each 4K page being validated. The vulnerability is present in Linux kernel stable releases on the x86 architecture with AMD processors that support SEV (Secure Encrypted Virtualization).

Impact

The vulnerability could cause cache coherency issues, leading to inconsistent data being read or written, which could be exploited to leak sensitive information or corrupt data in memory.

Reproduction

To reproduce this vulnerability, change the state of a page to private in an SNP-enabled environment on an affected AMD processor. If the COHERENCY_SFW_NO CPUID bit is not set, the software mitigation is needed, and the cache line eviction should be performed to avoid the coherency issue.

Remediation

The vulnerability has been addressed in the Linux kernel by implementing the cache line eviction mitigation. Users should ensure they are running a version of the kernel that includes this mitigation.
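
The access pattern described above (touch the first and last byte of each 4K page, skipped when COHERENCY_SFW_NO is set) as a user-space model. This is an added example, not the kernel's own code; the function name, the stats struct and the boolean parameter standing in for the CPUID check are assumptions, and the buffer is constructed sample memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE_4K 4096u

struct evict_stats {
    size_t reads;      /* byte reads issued */
    uint32_t checksum; /* sum of bytes read; shows which offsets were hit */
};

/*
 * Read the first and last byte of every 4K page in the validated range.
 * coherency_sfw_no is a hypothetical parameter: pass true when the CPU sets
 * the COHERENCY_SFW_NO CPUID bit, meaning no software mitigation is needed.
 */
static struct evict_stats evict_validated_pages(const void *va, size_t npages,
                                                bool coherency_sfw_no)
{
    struct evict_stats st = { 0, 0 };
    /* volatile: the loaded values are otherwise unused, so without it the
     * compiler may drop the loads and the pages would never be touched. */
    const volatile uint8_t *bytes = va;

    if (coherency_sfw_no || va == NULL)
        return st;

    for (size_t i = 0; i < npages; i++) {
        size_t base = i * PAGE_SIZE_4K;

        st.checksum += bytes[base];                    /* first byte */
        st.checksum += bytes[base + PAGE_SIZE_4K - 1]; /* last byte */
        st.reads += 2;
    }
    return st;
}

int main(void)
{
    static uint8_t range[2 * PAGE_SIZE_4K]; /* constructed stand-in for validated memory */
    struct evict_stats st = evict_validated_pages(range, 2, false);

    printf("reads=%zu\n", st.reads);
    return 0;
}
```

In user space this only reproduces the reads; the eviction effect itself depends on the SNP guest hardware behaviour the advisory describes.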

Added: Aug 19, 2025, 6:51 PM
Updated: Aug 19, 2025, 6:51 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.9
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.