CVE-2022-49884

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49884
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49884.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49884
Related
Published
2025-05-01T15:16:13Z
Modified
2025-05-02T13:52:51Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: Initialize gfntopfn_cache locks in dedicated helper

Move the gfntopfncache lock initialization to another helper and call the new helper during VM/vCPU creation. There are race conditions possible due to kvmgfntopfncacheinit()'s ability to re-initialize the cache's locks.

For example: a race between ioctl(KVMXENHVMEVTCHNSEND) and kvmgfntopfncache_init() leads to a corrupted shinfo gpc lock.

            (thread 1)                |           (thread 2)
                                      |

kvmxensetevtchnfast | readlockirqsave(&gpc->lock, ...) | | kvmgfntopfncacheinit | rwlockinit(&gpc->lock) readunlockirqrestore(&gpc->lock, ...) |

Rename "cacheinit" and "cachedestroy" to activate+deactivate to avoid implying that the cache really is destroyed/freed.

Note, there more races in the newly named kvmgpcactivate() that will be addressed separately.

[sean: call out that this is a bug fix]

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.8-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.8-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}