CVE-2024-46830

Published: Sep 27, 2024

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN via sync_regs(), which already holds SRCU. I.e. trying to precisely use kvm_vcpu_srcu_read_lock() around the problematic SMM code would cause problems. Acquiring SRCU isn't all that expensive, so for simplicity, grab it unconditionally for KVM_SET_VCPU_EVENTS. ============================= WARNING: suspicious RCU usage 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted ----------------------------- include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by repro/1071: #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm] stack backtrace: CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: <TASK> dump_stack_lvl+0x7f/0x90 lockdep_rcu_suspicious+0x13f/0x1a0 kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm] kvm_vcpu_read_guest+0x3e/0x90 [kvm] nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel] load_vmcs12_host_state+0x432/0xb40 [kvm_intel] vmx_leave_nested+0x30/0x40 [kvm_intel] kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm] kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm] ? mark_held_locks+0x49/0x70 ? kvm_vcpu_ioctl+0x7d/0x970 [kvm] ? kvm_vcpu_ioctl+0x497/0x970 [kvm] kvm_vcpu_ioctl+0x497/0x970 [kvm] ? lock_acquire+0xba/0x2d0 ? find_held_lock+0x2b/0x80 ? do_user_addr_fault+0x40c/0x6f0 ? lock_release+0xb7/0x270 __x64_sys_ioctl+0x82/0xb0 do_syscall_64+0x6c/0x170 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7ff11eb1b539 </TASK>

Vendor	Product	Versions
Linux	Linux	affected `e302786233e6bc512986d007c96458ccf5ca21c7 - < 5f35099fa3d59caf10bda88b033538e90086684e` affected `f7e570780efc5cec9b2ed1e0472a7da14e864fdb - < fa297c33faefe51e10244e8a378837fca4963228` affected `f7e570780efc5cec9b2ed1e0472a7da14e864fdb - < 939375737b5a0b1bf9b1e75129054e11bc9ca65e` affected `f7e570780efc5cec9b2ed1e0472a7da14e864fdb - < ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9` affected `f7e570780efc5cec9b2ed1e0472a7da14e864fdb - < 4bcdd831d9d01e0fb64faea50732b59b2ee88da1` +5 more versions
Linux	Linux	affected `5.17` unaffected `0 - < 5.17` unaffected `5.15.198 - <= 5.15.` unaffected `6.1.110 - <= 6.1.` unaffected `6.6.51 - <= 6.6.*` +2 more versions

References

https://git.kernel.org/stable/c/5f35099fa3d59caf10bda88b033538e90086684e

https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228

https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e

https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9

https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-46830

Description

Affected Products

References