{ "threat_severity" : "Moderate", "public_date" : "2022-11-23T00:00:00Z", "bugzilla" : { "description" : "kernel: KVM: x86/mmu: race condition in direct_page_fault()", "id" : "2151317", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2151317" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-362", "details" : [ "A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.", "A flaw was found in the Linux kernel in the KVM. A race condition in direct_page_fault allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualization and the TDP MMU are enabled." ], "statement" : "The nested virtualization feature is not enabled by default up to Red Hat Enterprise Linux 8.4. Most importantly, Red Hat currently provides nested virtualization only as a Technology Preview and is therefore unsupported for production use. For additional details, please see https://access.redhat.com/solutions/21101 and https://access.redhat.com/support/offerings/techpreview.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:6901", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:7077", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-513.5.1.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date" : "2024-03-06T00:00:00Z", "advisory" : "RHSA-2024:1188", "cpe" : "cpe:/o:redhat:rhel_eus:8.6", "package" : "kernel-0:4.18.0-372.95.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1404", "cpe" : "cpe:/o:redhat:rhel_eus:8.8", "package" : "kernel-0:4.18.0-477.51.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-08-01T00:00:00Z", "advisory" : "RHSA-2023:4377", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-284.25.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-08-01T00:00:00Z", "advisory" : "RHSA-2023:4378", "cpe" : "cpe:/a:redhat:enterprise_linux:9::nfv", "package" : "kernel-rt-0:5.14.0-284.25.1.rt14.310.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-08-01T00:00:00Z", "advisory" : "RHSA-2023:4377", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-284.25.1.el9_2" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date" : "2024-03-06T00:00:00Z", "advisory" : "RHSA-2024:1188", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package" : "kernel-0:4.18.0-372.95.1.el8_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-45869\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45869" ], "name" : "CVE-2022-45869", "mitigation" : { "value" : "This vulnerability can be mitigated by disabling the nested virtualization feature.\nFor Intel:\n```\n# modprobe -r kvm_intel\n# modprobe kvm_intel nested=0\n```\nFor AMD:\n```\n# modprobe -r kvm_amd\n# modprobe kvm_amd nested=0\n```", "lang" : "en:us" }, "csaw" : false }