Linux Kernel KVM VGIC Initialization Vulnerability on ARM64

Vulnerability

A vulnerability exists in the Linux kernel's KVM (Kernel-based Virtual Machine) support for the ARM64 architecture, in the initialization of the virtual Generic Interrupt Controller (VGIC). When a VGIC device is created, kvm_vgic_create() calls vgic_allocate_private_irqs_locked() to allocate the per-vCPU private interrupt state. That allocation can fail, and on failure kvm_vgic_create() returns early, before it has initialized the distributor's list of redistributor regions (the 'rd_regions' list in struct vgic_dist). Because the VM structure is zero-filled when it is allocated, the list head is left as a pair of NULL pointers rather than an empty list. When the VM is torn down, kvm_vgic_dist_destroy() walks that list to free the redistributor regions and dereferences the uninitialized head. The root cause is an initialization-order error: a field that the teardown path relies on unconditionally is set up only after a step that can fail, so a failed creation leaves the VGIC in a state its own destructor cannot handle.

Impact

Tearing down a VM whose VGIC creation failed part-way makes the host kernel walk and free an uninitialized list, a memory-safety error in host kernel context. The practical outcome is a host kernel crash (denial of service), triggerable by a local user who can create KVM virtual machines, i.e. one with access to /dev/kvm.

Reproduction

To reproduce this vulnerability, on an ARM64 host with KVM open /dev/kvm, create a VM with KVM_CREATE_VM, create at least one vCPU, and create an in-kernel GICv3 device with KVM_CREATE_DEVICE (KVM_DEV_TYPE_ARM_VGIC_V3), the GIC model that uses the redistributor-region list. The failing step is a memory allocation inside vgic_allocate_private_irqs_locked(), so the failure cannot be requested through the KVM API; in practice it is induced with the kernel's fault-injection framework (failslab) or by creating the device while the host is under memory pressure. Once creation has failed, close the VM file descriptor so the VM is destroyed; kvm_vgic_dist_destroy() then walks the uninitialized redistributor-region list and the host crashes. On a patched kernel the same sequence returns the allocation error to user space and teardown completes cleanly.
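The initialization-order defect described under Vulnerability, and the create-then-destroy sequence from Reproduction, as an added userspace C model. This is not kernel code and not the page's own: the list type, struct fields, NR_VCPUS, MODEL_GICV3 and the function names are hypothetical stand-ins for the kernel's list_head, struct vgic_dist, vgic_allocate_private_irqs_locked() and kvm_vgic_dist_destroy(). One deliberate deviation is marked in the code: dist_destroy() detects the never-initialized list head and returns -1, where the kernel would dereference NULL and crash.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

#define NR_VCPUS    4          /* hypothetical VM size */
#define MODEL_GICV3 1          /* stand-in for KVM_DEV_TYPE_ARM_VGIC_V3 */

/* Minimal copy of the kernel's intrusive circular list. */
struct list_head { struct list_head *next, *prev; };

static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev;
    n->next = h;
    h->prev->next = n;
    h->prev = n;
}

struct rdist_region { struct list_head list; unsigned long base; };

struct vgic_dist {
    int vgic_model;
    struct list_head rd_regions;        /* list of struct rdist_region */
};

struct vm {
    struct vgic_dist dist;
    void *private_irqs[NR_VCPUS];       /* per-vCPU private IRQ state */
};

/* Stand-in for vgic_allocate_private_irqs_locked(): one allocation per
 * vCPU. inject_fail makes the second vCPU's allocation fail, as kcalloc()
 * can under memory pressure or fault injection. */
static int allocate_private_irqs(struct vm *kvm, bool inject_fail)
{
    for (int i = 0; i < NR_VCPUS; i++) {
        if (inject_fail && i == 1)
            return -ENOMEM;
        kvm->private_irqs[i] = calloc(32, sizeof(unsigned int));
        if (!kvm->private_irqs[i])
            return -ENOMEM;
    }
    return 0;
}

static void free_private_irqs(struct vm *kvm)
{
    for (int i = 0; i < NR_VCPUS; i++) {
        free(kvm->private_irqs[i]);
        kvm->private_irqs[i] = NULL;
    }
}

/* Vulnerable ordering: the list head is initialised only after the step
 * that can fail, so the early return leaves rd_regions as the zeroed
 * memory the VM structure was allocated with, i.e. {NULL, NULL}. */
static int vgic_create_vulnerable(struct vm *kvm, bool inject_fail)
{
    memset(kvm, 0, sizeof(*kvm));       /* struct kvm is zero-filled */
    kvm->dist.vgic_model = MODEL_GICV3;
    int ret = allocate_private_irqs(kvm, inject_fail);
    if (ret)
        return ret;                     /* early exit: list never initialised */
    init_list_head(&kvm->dist.rd_regions);
    return 0;
}

/* Fixed ordering: every field the destructor touches is made consistent
 * before anything can fail. */
static int vgic_create_fixed(struct vm *kvm, bool inject_fail)
{
    memset(kvm, 0, sizeof(*kvm));
    kvm->dist.vgic_model = MODEL_GICV3;
    init_list_head(&kvm->dist.rd_regions);
    return allocate_private_irqs(kvm, inject_fail);
}

/* Stand-in for kvm_vgic_dist_destroy(): walks rd_regions and frees each
 * region, returning the number freed. Deviation from the kernel: an
 * uninitialised head (next == NULL) is reported as -1 instead of being
 * dereferenced, so the example runs to completion. */
static int dist_destroy(struct vm *kvm)
{
    struct list_head *head = &kvm->dist.rd_regions;
    if (kvm->dist.vgic_model != MODEL_GICV3)
        return 0;
    if (head->next == NULL)
        return -1;                      /* never init_list_head()'ed */
    int freed = 0;
    for (struct list_head *p = head->next, *n; p != head; p = n) {
        n = p->next;
        free((struct rdist_region *)p); /* list is the first member */
        freed++;
    }
    init_list_head(head);
    return freed;
}

/* Lifecycle as KVM runs it: create (possibly failing), then teardown on VM
 * destruction. If create succeeded, one redistributor region is registered
 * so the destroy path has something to free. */
static int lifecycle(int (*create)(struct vm *, bool), bool inject_fail)
{
    struct vm kvm;
    if (create(&kvm, inject_fail) == 0) {
        struct rdist_region *r = calloc(1, sizeof(*r));
        if (r) {
            r->base = 0x80a0000;        /* constructed sample base address */
            list_add_tail(&r->list, &kvm.dist.rd_regions);
        }
    }
    int freed = dist_destroy(&kvm);
    free_private_irqs(&kvm);
    return freed;
}
```

lifecycle(vgic_create_vulnerable, true) reports the uninitialized head, which is the state the real teardown crashes on; lifecycle(vgic_create_fixed, true) returns 0 because the fixed ordering leaves an empty, well-formed list for the destructor even though creation failed. The general rule the fixed variant follows is the one to check in any create/destroy pair: everything the destructor will read unconditionally must be initialized before the first return path that can hand the object to the destructor.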

Remediation

The vulnerability has been addressed in the Linux kernel: the fix ensures that the redistributor-region list is initialized before kvm_vgic_create() can fail, so a failed creation still leaves the VGIC in a state that kvm_vgic_dist_destroy() can tear down. Users should upgrade to a release from the Linux kernel stable tree that contains the fix. Distribution kernels may carry it as a backport, so check the distribution's changelog for the fix rather than relying on the version number alone.

Added: May 8, 2026, 9:48 PM
Updated: May 8, 2026, 9:48 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 7.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.