CVE-2022-49932

Source
https://cve.org/CVERecord?id=CVE-2022-49932
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49932.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49932
Published
2025-05-02T15:54:53.215Z
Modified
2026-03-12T03:25:58.170244Z
Summary
KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: VMX: Do all initialization before exposing /dev/kvm to userspace

Call kvm_init() only after all setup is complete, as kvm_init() exposes /dev/kvm to userspace and thus allows userspace to create VMs (and call other ioctls). E.g. KVM will encounter a NULL pointer when attempting to add a vCPU to the per-CPU loaded_vmcss_on_cpu list if userspace is able to create a VM before vmx_init() configures said list.

BUG: kernel NULL pointer dereference, address: 0000000000000008
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 0 P4D 0
Oops: 0002 [#1] SMP
CPU: 6 PID: 1143 Comm: stable Not tainted 6.0.0-rc7+ #988
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
RIP: 0010:vmx_vcpu_load_vmcs+0x68/0x230 [kvm_intel]
 <TASK>
 vmx_vcpu_load+0x16/0x60 [kvm_intel]
 kvm_arch_vcpu_load+0x32/0x1f0 [kvm]
 vcpu_load+0x2f/0x40 [kvm]
 kvm_arch_vcpu_create+0x231/0x310 [kvm]
 kvm_vm_ioctl+0x79f/0xe10 [kvm]
 ? handle_mm_fault+0xb1/0x220
 __x64_sys_ioctl+0x80/0xb0
 do_syscall_64+0x2b/0x50
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f5a6b05743b
 </TASK>
Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel(+) kvm irqbypass

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49932.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
dbef2808af6c594922fe32833b30f55f35e9da6d
Fixed
e136e969d268b9b89329c816c002e53f60e82985
Fixed
e28533c08023c4b319b7f2cd77f3f7c9204eb517
Fixed
e32b120071ea114efc0b4ddd439547750b85f618
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b2f7d0adc1260fa33ff3e992d18ff15873e68a67
Last affected
2c0bf2560ca18abe1451db23b8ef8700c67cc44f
Last affected
f9971a898a815c2a6cce2932e91a576b28ed4cce
Last affected
40888c31aca3a46f266f1f121679f8e1982df085
Last affected
cd3f438fbb9cb60da32dd2b665f7dc9baba1c4ad
Last affected
e35a2dc8c7f664ae8a9cc46d19985dc79bfc1083

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49932.json"