Sev-es / sev-snp vmgexit double fetch vulnerability
CVE-2023-4155

5.3MEDIUM

Key Information:

Vendor: Red Hat
Status: Kernel; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 13 September 2023

Summary

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (CONFIG_VMAP_STACK).

References

https://access.redhat.com/security/cve/CVE-2023-4155

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2213802

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 13, 2023
Vulnerability Reserved
Aug 4, 2023