In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()
Ignore -EBUSY when checking nested events after exiting a blocking state
while L2 is active, as exiting to userspace will generate a spurious
userspace exit, usually with KVM_EXIT_UNKNOWN, and likely lead to the VM's
demise. Continuing with the wakeup isn't perfect either, as *something*
has gone sideways if a vCPU is awakened in L2 with an injected event (or
worse, a nested run pending), but continuing on gives the VM a decent
chance of surviving without any major side effects.
As explained in the Fixes commits, it _should_ be impossible for a vCPU to
be put into a blocking state with an already-injected event (exception,
IRQ, or NMI). Unfortunately, userspace can stuff MP_STATE and/or injected
events, and thus put the vCPU into what should be an impossible state.
Don't bother trying to preserve the WARN, e.g. with an anti-syzkaller
Kconfig, as WARNs can (hopefully) be added in paths where _KVM_ would be
violating x86 architecture, e.g. by WARNing if KVM attempts to inject an
exception or interrupt while the vCPU isn't running.
This CVE addresses a Linux kernel KVM vulnerability where nested events are improperly handled when a vCPU exits blocking state in L2 mode, potentially causing VM crashes. The fix ignores -EBUSY errors during nested event checking to prevent spurious userspace exits and allow VMs to continue operating.
يتعلق هذا الثغر بمعالج الأحداث المتداخلة في نواة Linux KVM حيث قد يحدث تعطل الآلات الافتراضية عند خروج وحدة المعالجة الافتراضية من حالة الحجب مع وجود أحداث معلقة. يحدث الخطأ عندما يحاول النظام التحقق من الأحداث المتداخلة ويتلقى خطأ -EBUSY مما يؤدي إلى خروج غير متوقع للمستخدم.
This vulnerability affects Linux kernel KVM hypervisor nested virtualization handling, which could impact Saudi organizations running virtualized infrastructure with nested VM configurations. The fix prevents VM crashes by properly handling event injection errors during vCPU blocking state transitions.
Update Linux kernel to the patched version that ignores -EBUSY errors when checking nested events after vcpu_block() exits. Organizations should apply kernel security updates promptly and test nested virtualization workloads after patching.
قم بتحديث نواة Linux إلى الإصدار المصحح الذي يتجاهل أخطاء -EBUSY عند فحص الأحداث المتداخلة بعد خروج vcpu_block(). يجب على المؤسسات تطبيق تحديثات أمان النواة بسرعة واختبار أحمال العمل الافتراضية المتداخلة بعد التصحيح.