{
  "threat_severity" : "Moderate",
  "public_date" : "2024-08-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: KVM: x86/mmu: make apf token non-zero to fix bug",
    "id" : "2307199",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2307199"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-367",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nKVM: x86/mmu: make apf token non-zero to fix bug\nIn the current async pagefault logic, when a page is ready, KVM relies on\nkvm_arch_can_dequeue_async_page_present() to determine whether to deliver\na READY event to the Guest. This function tests the token value of struct\nkvm_vcpu_pv_apf_data, which must be reset to zero by the Guest kernel when a\nREADY event is finished by the Guest. If the value is zero, it means that a READY\nevent is done, so KVM can deliver another.\nBut kvm_arch_setup_async_pf() may produce a valid token with zero\nvalue, which is confused with the case mentioned above and may lead to the loss of\nthis READY event.\nThis bug may cause a task to be blocked forever in the Guest:\nINFO: task stress:7532 blocked for more than 1254 seconds.\nNot tainted 5.10.0 #16\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:stress          state:D stack:    0 pid: 7532 ppid:  1409\nflags:0x00000080\nCall Trace:\n__schedule+0x1e7/0x650\nschedule+0x46/0xb0\nkvm_async_pf_task_wait_schedule+0xad/0xe0\n? exit_to_user_mode_prepare+0x60/0x70\n__kvm_handle_async_pf+0x4f/0xb0\n? asm_exc_page_fault+0x8/0x30\nexc_page_fault+0x6f/0x110\n? asm_exc_page_fault+0x8/0x30\nasm_exc_page_fault+0x1e/0x30\nRIP: 0033:0x402d00\nRSP: 002b:00007ffd31912500 EFLAGS: 00010206\nRAX: 0000000000071000 RBX: ffffffffffffffff RCX: 00000000021a32b0\nRDX: 000000000007d011 RSI: 000000000007d000 RDI: 00000000021262b0\nRBP: 00000000021262b0 R08: 0000000000000003 R09: 0000000000000086\nR10: 00000000000000eb R11: 00007fefbdf2baa0 R12: 0000000000000000\nR13: 0000000000000002 R14: 000000000007d000 R15: 0000000000001000", "A hang vulnerability is possible in the Linux kernel in arch/x86/kvm/mmu/mmu.c. This issue may lead to compromised availability." ],
  "statement" : "This issue is fixed in RHEL-9.0 and above (including 8.10):\n~~~\nin (rhel-9.1, rhel-9.2, rhel-9.3, rhel-9.4, rhel-9.5) KVM: x86/mmu: make apf token non-zero to fix bug\nin (rhel-8.7, rhel-8.8, rhel-8.9, rhel-8.10) KVM: x86/mmu: make apf token non-zero to fix bug\nin (rhel-9.0) KVM: x86/mmu: make apf token non-zero to fix bug\nin (rhel-8.6) KVM: x86/mmu: make apf token non-zero to fix bug\n~~~\nPlease note that while RHEL-9 kernel-rt still appears as affected, it has been fixed in the same RHSA as RHEL-9 kernel. This is because from RHEL-9.3 onwards, the kernel and kernel-rt fixes are bundled together in a single errata.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-09-13T00:00:00Z",
    "advisory" : "RHSA-2022:6460",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-372.26.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7683",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-425.3.1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-08-09T00:00:00Z",
    "advisory" : "RHSA-2022:6003",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-70.22.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-08-09T00:00:00Z",
    "advisory" : "RHSA-2022:6003",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-70.22.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2022-09-13T00:00:00Z",
    "advisory" : "RHSA-2022:6460",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "kernel-0:4.18.0-372.26.1.el8_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-48943\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48943\nhttps://lore.kernel.org/linux-cve-announce/2024082227-CVE-2022-48943-8e11@gregkh/T" ],
  "name" : "CVE-2022-48943",
  "csaw" : false
}