Linux Kernel KVM nSVM VMLOAD VMSAVE Emulation Vulnerability

Vulnerability

A vulnerability in the nested SVM (nSVM) support of the Linux kernel's KVM (Kernel-based Virtual Machine) component has been addressed. The issue arose because the VMLOAD and VMSAVE emulation code did not consistently use the correct Virtual Machine Control Block (VMCB), which could lead to incorrect guest state management. This vulnerability affects the Linux kernel's stable releases.

Impact

The vulnerability could cause improper handling of guest state in virtualized environments, potentially leading to incorrect execution of virtual machines.

Reproduction

The vulnerability can be reproduced by executing a VMSAVE or VMLOAD instruction in an L2 guest virtual machine when that instruction is not intercepted by the L1 host. Under these conditions, KVM emulates the instruction using vmcb02 instead of the intended vmcb01.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: May 6, 2026, 5:10 PM
Updated: May 6, 2026, 5:10 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.