Linux Kernel KVM Guest XSAVE State XSTATE_BV Management Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's handling of XSAVE state for virtual machines running under KVM. When a guest VM updates its XFD state, the kernel may incorrectly manage the corresponding XSTATE_BV, leading to a #NM exception and a kernel panic. The issue can arise when the guest executes a WRMSR to set XFD bits and a host interrupt occurs before KVM can update the XFD state. As a result, disabled features can be incorrectly marked as active, which causes the XRSTOR instruction to fail and disrupts the kernel's operation.
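The state sequence described above, replayed as a small C model (an added example, not kernel or KVM code). The struct, the function names and the sanitising step are assumptions made for illustration; bit 18 (AMX tile data) stands in for an XFD-controlled feature.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model for illustration; none of these names are kernel symbols. */
#define XTILE_DATA (1ULL << 18) /* AMX tile data, an XFD-controlled feature */

struct guest_fpstate {
    uint64_t xstate_bv; /* XSTATE_BV in the saved XSAVE header */
    uint64_t xfd;       /* XFD value in force when the state is reloaded */
};

/* XRSTOR raises #NM if it must load a component that XFD has disabled. */
static bool xrstor_raises_nm(uint64_t xstate_bv, uint64_t rfbm, uint64_t xfd)
{
    return (xstate_bv & rfbm & xfd) != 0;
}

/* Assumed sanitising step: never leave XSTATE_BV[i] = 1 while XFD[i] = 1. */
static void clear_xfd_disabled(struct guest_fpstate *fps)
{
    fps->xstate_bv &= ~fps->xfd;
}

/* Replays the sequence from the description; returns true if the reload faults. */
static bool replay(bool sanitise)
{
    struct guest_fpstate fps = { .xstate_bv = 0, .xfd = 0 };

    /* 1. Guest WRMSR sets XFD[18]; KVM has not yet recorded the new value. */
    uint64_t new_xfd = XTILE_DATA;
    /* 2. Host interrupt saves guest state under the old XFD: tile data in use. */
    fps.xstate_bv = 0x3 | XTILE_DATA;
    /* 3. KVM records the guest's XFD. */
    fps.xfd = new_xfd;
    if (sanitise)
        clear_xfd_disabled(&fps);
    /* 4. Guest state is reloaded with the guest's XFD in force. */
    return xrstor_raises_nm(fps.xstate_bv, ~0ULL, fps.xfd);
}

int main(void)
{
    printf("reload without sanitising faults: %d\n", replay(false));
    printf("reload with sanitising faults:    %d\n", replay(true));
    return 0;
}
```

The invariant to check when auditing saved guest state is that `xstate_bv & xfd` is zero before any reload.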

Impact

This vulnerability can cause a #NM exception in the host, leading to a kernel panic. Such behavior disrupts normal operations and can cause service outages or application failures.

Reproduction

To reproduce this vulnerability, load a guest VM that executes WRMSR instructions to set XFD bits while using a preemptible kernel. Ensure that a host interrupt occurs before the VM's XFD state is updated, which will cause the XSTATE_BV management to fail. This can be observed by running a test program in the guest that triggers the XFD updates and monitoring the host for the resulting #NM exception and kernel panic.

Remediation

Users can update to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the latest kernel can be found on the official Linux kernel website.

Added: Jan 25, 2026, 3:24 PM
Updated: Jan 25, 2026, 3:24 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 3.3
exploitability: 3.4
remediation: 7.7
relevance: 2.4
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.