CVE-2022-49610

KVM: VMX: Prevent RSB underflow before vmenter

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's
SPEC_CTRL value is written, and the vmenter. Balanced returns (matched by a preceding call) are usually ok, but it's
at least theoretically possible an NMI with a deep call stack could
empty the RSB before one of the returns. For maximum paranoia, don't allow *any* returns (balanced or otherwise)
between the SPEC_CTRL write and the vmenter. [ bp: Fix 32-bit build. ]

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPEC_CTRL value is written, and the vmenter. Balanced returns (matched by a preceding call) are usually ok, but it's at least theoretically possible an NMI with a deep call stack could empty the RSB before one of the returns. For maximum paranoia, don't allow *any* returns (balanced or otherwise) between the SPEC_CTRL write and the vmenter. [ bp: Fix 32-bit build. ]

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-12-23 CVE Updated
2025-12-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/d28b387fb74da95d69d2615732f50cceb38e9a4d	Vuln. Introduced
https://git.kernel.org/stable/c/44491a23b73789c0a914af4ea55ccf8968adf90b	Vuln. Introduced
https://git.kernel.org/stable/c/fc6aae9f407810cb153a9133c28735871f9f0a16	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/afd743f6dde87296c6f3414706964c491bb85862	2022-07-23
https://git.kernel.org/stable/c/07853adc29a058c5fd143c14e5ac528448a72ed9	2022-06-27

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-49610	2022-12-13
https://bugzilla.redhat.com/show_bug.cgi?id=2347926	2022-12-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.18.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.18.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.16.57 Search vendor "Linux" for product "Linux Kernel" and version "3.16.57"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.4.168 Search vendor "Linux" for product "Linux Kernel" and version "4.4.168"		en		Affected