{ "threat_severity" : "Moderate", "public_date" : "2024-06-20T00:00:00Z", "bugzilla" : { "description" : "kernel: KVM: LAPIC: Also cancel preemption timer during SET_LAPIC", "id" : "2293344", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2293344" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-99", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nKVM: LAPIC: Also cancel preemption timer during SET_LAPIC\nThe below warning is splatting during guest reboot.\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm]\nCPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5\nRIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm]\nCall Trace:\n\nkvm_vcpu_ioctl+0x279/0x710 [kvm]\n__x64_sys_ioctl+0x83/0xb0\ndo_syscall_64+0x3b/0xc0\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fd39797350b\nThis can be triggered by not exposing tsc-deadline mode and doing a reboot in\nthe guest. The lapic_shutdown() function which is called in sys_reboot path\nwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clears\nAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-mode\nswitch between tsc-deadline and oneshot/periodic, which can result in preemption\ntimer be cancelled in apic_update_lvtt(). However, We can't depend on this when\nnot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemption\ntimer. Qemu will synchronise states around reset, let's cancel preemption timer\nunder KVM_SET_LAPIC.", "A vulnerability was found in the Linux kernel's KVM component related to the LAPIC during the guest reboot process. This issue arises when the SET_LAPIC command is issued without exposing the tsc-deadline mode, leading to warnings and potential inconsistencies due to an unhandled preemption timer. This situation can disrupt the normal operation of virtual machines." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7683", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-425.3.1.el8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8267", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-162.6.1.el9_1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8267", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-162.6.1.el9_1" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-48765\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48765\nhttps://lore.kernel.org/linux-cve-announce/2024062009-CVE-2022-48765-ddb8@gregkh/T" ], "name" : "CVE-2022-48765", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }