AZL-70117

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70117.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-70117

Upstream

CVE-2022-49932

Published

2025-05-02T16:15:22Z

Modified

2026-04-01T05:21:54.359788Z

Summary

CVE-2022-49932 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: VMX: Do all initialization before exposing /dev/kvm to userspace

Call kvminit() only after all setup is complete, as kvminit() exposes /dev/kvm to userspace and thus allows userspace to create VMs (and call other ioctls). E.g. KVM will encounter a NULL pointer when attempting to add a vCPU to the per-CPU loadedvmcssoncpu list if userspace is able to create a VM before vmxinit() configures said list.

BUG: kernel NULL pointer dereference, address: 0000000000000008 #PF: supervisor write access in kernel mode #PF: errorcode(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP CPU: 6 PID: 1143 Comm: stable Not tainted 6.0.0-rc7+ #988 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:vmxvcpuloadvmcs+0x68/0x230 [kvmintel] <TASK> vmxvcpuload+0x16/0x60 [kvmintel] kvmarchvcpuload+0x32/0x1f0 [kvm] vcpuload+0x2f/0x40 [kvm] kvmarchvcpucreate+0x231/0x310 [kvm] kvmvmioctl+0x79f/0xe10 [kvm] ? handlemm_fault+0xb1/0x220 _x64sysioctl+0x80/0xb0 dosyscall64+0x2b/0x50 entrySYSCALL64afterhwframe+0x46/0xb0 RIP: 0033:0x7f5a6b05743b </TASK> Modules linked in: vhostnet vhost vhostiotlb tap kvmintel(+) kvm irqbypass

References

https://nvd.nist.gov/vuln/detail/CVE-2022-49932

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70117.json"