Linux Kernel KVM Pin Leak and Publication Ordering Vulnerability in VCPU Initialization

Vulnerability

A vulnerability has been identified in the Linux kernel's KVM (Kernel-based Virtual Machine) module for the arm64 architecture. The issue arises during virtual CPU (vCPU) initialization and involves a pin leak and improper publication ordering. Specifically, if a check fails after shared memory has been pinned successfully, the cleanup path skips unpinning the host vCPU and SVE (Scalable Vector Extension) state, permanently leaking those pin references. Additionally, the function responsible for registering a vCPU publishes its pointer into the vCPU array without proper synchronization, so concurrent operations can observe a partially initialized object. Both issues have been addressed by introducing a new helper function that manages the registration process and ensures correct synchronization, preventing the leak and keeping the published state consistent.
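As an added illustration, not code from the kernel or from this advisory, the following constructed user-space C model shows the two defect shapes described: an error path that releases only part of what it pinned, beside a version that unwinds fully, and a registration helper that publishes the vCPU pointer only after initialization has succeeded. The structs, the pin/unpin helpers and the function names are hypothetical stand-ins, not KVM symbols.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
/* Pin counts standing in for the three references the advisory names. */
struct pins { int shared_mem; int host_vcpu; int sve_state; };
struct vcpu { bool ready; struct pins pins; }; /* ready: fully initialised */
static void pin(int *p)   { (*p)++; }   /* hypothetical pin/unpin helpers */
static void unpin(int *p) { (*p)--; }

/* Buggy shape: the check fails after all pins are taken, but the cleanup
 * drops only the shared-memory pin; host_vcpu and sve_state leak. */
static int init_vcpu_leaky(struct vcpu *v, bool check_ok)
{
    pin(&v->pins.shared_mem);
    pin(&v->pins.host_vcpu);
    pin(&v->pins.sve_state);
    if (!check_ok) {
        unpin(&v->pins.shared_mem);
        return -1;
    }
    v->ready = true;
    return 0;
}

/* Fixed shape: one error label releases pins in reverse acquisition order. */
static int init_vcpu_fixed(struct vcpu *v, bool check_ok)
{
    pin(&v->pins.shared_mem);
    pin(&v->pins.host_vcpu);
    pin(&v->pins.sve_state);
    if (!check_ok)
        goto err_unpin;
    v->ready = true;
    return 0;
err_unpin:
    unpin(&v->pins.sve_state);
    unpin(&v->pins.host_vcpu);
    unpin(&v->pins.shared_mem);
    return -1;
}

/* Registration helper: the array slot is written only after init succeeded,
 * with a release store so an acquiring reader also sees the initialised vcpu. */
static int register_vcpu(struct vcpu *_Atomic *slot, struct vcpu *v, bool ok)
{
    if (init_vcpu_fixed(v, ok))
        return -1;                  /* slot untouched: no half-built vcpu */
    atomic_store_explicit(slot, v, memory_order_release);
    return 0;
}
```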

Impact

The vulnerability could lead to memory management issues, specifically pin leaks, which can cause resource exhaustion or undefined behavior in the virtual machine environment.

Reproduction

To reproduce this vulnerability, initialize a vCPU in the KVM arm64 environment without proper error handling after pinning shared memory. This can be done by simulating a failure in the initialization process that bypasses the unpinning of the host vCPU and SVE state, while also allowing a concurrent operation to access the vCPU array before the new vCPU pointer is fully initialized.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: May 28, 2026, 1:22 PM
Updated: May 28, 2026, 1:22 PM

Vulnerability Rating

Custom Algorithm
spread          9.0
impact          0.6
exploitability  3.9
remediation     7.7
relevance       9.2
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.