Linux Kernel KVM Nested Event Handling Vulnerability in VCPU Block State

Vulnerability

A vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) module for x86 architecture has been addressed. The issue arose because a virtual CPU (vCPU) could enter a blocking state with an already injected event, which should be impossible. This situation can lead to a spurious exit to userspace, typically with KVM_EXIT_UNKNOWN, potentially causing the virtual machine (VM) to fail. The vulnerability was introduced because userspace can manipulate the vCPU's state and inject events, creating an unexpected condition. The problem was particularly pronounced when handling nested events, as exiting a blocking state while the second-level guest (L2) is active could disrupt normal VM operations.

Impact

The vulnerability could cause a virtual machine to fail or become unresponsive, particularly when nested virtualization is involved.

Reproduction

The vulnerability can be reproduced by injecting events into a vCPU while it is in a blocking state, which should not be possible under normal circumstances. This can be done by manipulating the vCPU's state through userspace, leading to incorrect handling of nested events.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.
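To decide which hosts to patch first, the following added example (not part of the original advisory or the kernel project) reports whether nested virtualization is enabled for the x86 KVM vendor modules, the configuration in which the advisory says the problem is most pronounced. The sysfs paths are the standard module-parameter locations; the function names, the optional sysfs-root argument and the return codes are this example's own assumptions, and the result indicates configuration only, not whether the running kernel carries the fix.

```shell
#!/bin/sh
# Added example: inventory check for nested virtualization on a KVM host.
# Usage: kvm_nested_exposure; echo "rc=$?"

# nested_state MODULE [SYSFS_ROOT]
# Prints enabled, disabled, unknown, or not-loaded for one vendor module.
# SYSFS_ROOT is a hypothetical override so the check can be tested offline.
nested_state() {
    mod=$1
    root=${2:-/sys}
    param="$root/module/$mod/parameters/nested"
    if [ ! -r "$param" ]; then
        echo "not-loaded"
        return 0
    fi
    # The parameter is exposed as Y/N or 1/0 depending on module and kernel.
    val=$(cat "$param" 2>/dev/null)
    case "$val" in
        Y|y|1) echo "enabled" ;;
        N|n|0) echo "disabled" ;;
        *)     echo "unknown" ;;
    esac
}

# kvm_nested_exposure [SYSFS_ROOT]
# Prints one line per vendor module and returns:
#   0  nested virtualization enabled (prioritize the kernel update)
#   1  KVM vendor module loaded, nested not enabled
#   2  no KVM vendor module loaded
kvm_nested_exposure() {
    root=${1:-/sys}
    loaded=0
    exposed=0
    for mod in kvm_intel kvm_amd; do
        state=$(nested_state "$mod" "$root")
        echo "$mod: nested=$state"
        case "$state" in
            enabled)          loaded=1; exposed=1 ;;
            disabled|unknown) loaded=1 ;;
        esac
    done
    [ "$exposed" -eq 1 ] && return 0
    [ "$loaded" -eq 1 ] && return 1
    return 2
}
```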

Added: May 6, 2026, 12:45 PM
Updated: May 6, 2026, 12:45 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.8
exploitability: 3.4
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.