Linux kernel
cpe:2.3:o:kernel:linux_kernel:*:*:*:*:*:*:*
- >= 6.12.59, < 6.12.59-3
A vulnerability has been identified in the Linux kernel's KVM (Kernel-based Virtual Machine) module for the x86 architecture. The issue arises from missing synchronization when reading the Page Directory Pointer Table (PDPTR) registers, which can lead to unintended access to guest memory. The vulnerability affects several versions of the Linux kernel, including 6.12.59+ #3. The root cause is the absence of SRCU (Sleepable Read-Copy Update) protection around the read: guest memory is accessed without the necessary locks held, which triggers a lock dependency (lockdep) warning.
Exploitation of this vulnerability can cause improper handling of guest memory accesses, potentially leading to memory corruption or unauthorized memory access in virtualized environments.
The vulnerability can be reproduced by invoking the KVM_GET_SREGS2 ioctl command on a virtual CPU (vCPU) that is using PAE (Physical Address Extension) paging. This triggers the PDPTR read, which, without the proper SRCU locks, accesses guest memory in an unprotected manner.
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed by adding the necessary SRCU protection when reading PDPTR registers.
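To triage hosts for the lock dependency warning described above, the following added example (not part of the original advisory or of the kernel project) scans kernel log text for lockdep "suspicious RCU usage" reports whose call trace passes through the PDPTR read. The symbol names are assumptions taken from upstream KVM source rather than from this page, the sample log is constructed, and the warning only appears on kernels built with lockdep enabled.

```python
import re

# Assumption: symbols on the KVM_GET_SREGS2 PDPTR-read path, taken from
# upstream KVM source (they are not named on this page).
ENTRY_SYMBOLS = {"__get_sregs2", "kvm_pdptr_read"}
TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")
FRAME = re.compile(r"^\s*(?:\?\s)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Constructed sample log: one splat on the PDPTR path, one unrelated splat.
SAMPLE_LOG = """\
[  101.000001] WARNING: suspicious RCU usage
[  101.000002] 6.12.59+ #3 Not tainted
[  101.000003] Call Trace:
[  101.000004]  <TASK>
[  101.000005]  lockdep_rcu_suspicious+0x150/0x1a0
[  101.000006]  kvm_vcpu_gfn_to_memslot+0x155/0x190 [kvm]
[  101.000007]  load_pdptrs+0x7e/0x1d0 [kvm]
[  101.000008]  __get_sregs2+0x1a2/0x1c0 [kvm]
[  101.000009]  </TASK>
[  202.000001] WARNING: suspicious RCU usage
[  202.000002] Call Trace:
[  202.000003]  <TASK>
[  202.000004]  lockdep_rcu_suspicious+0x150/0x1a0
[  202.000005]  example_driver_poll+0x10/0x20
[  202.000006]  </TASK>
"""

def find_pdptr_splats(log_text):
    """Return the call traces of RCU splats that pass through the PDPTR read."""
    splats, frames = [], None
    for raw in log_text.splitlines():
        line = TS.sub("", raw)               # drop the dmesg timestamp, if any
        if "WARNING: suspicious RCU usage" in line:
            frames = []                      # start collecting a new splat
            splats.append(frames)
        elif frames is not None:
            m = FRAME.match(line)
            if m:
                frames.append(m.group(1))    # symbol name without offset
            elif line.strip() == "</TASK>":
                frames = None                # end of this splat's trace
    return [f for f in splats if ENTRY_SYMBOLS & set(f)]

if __name__ == "__main__":
    for trace in find_pdptr_splats(SAMPLE_LOG):
        print("PDPTR-read RCU splat:", " <- ".join(trace))
```

A host that reports no match is not necessarily patched: production kernels are usually built without lockdep, so the version range above remains the authoritative check.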