Linux Kernel Vulnerability in KVM Affecting AMD's SEV-ES and SEV-SNP Implementations
CVE-2024-55881

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 January 2025

Summary

A vulnerability in the Linux kernel's KVM component can lead to improper handling of hypercalls for protected guests utilizing AMD's SEV-ES and SEV-SNP features. The issue arises from the incorrect detection of 64-bit hypercall mode during the exit process, where the state of the vCPU does not reveal whether a hypercall was made in 64-bit mode. This oversight could potentially allow unauthorized access or manipulation of virtual machine functionalities. Prompt patching is recommended to mitigate the risk associated with this vulnerability.

Affected Version(s)

Linux 5969e2435cbd7f0ce8c28d717bfc39987ee8d8f1 < 0840d360a8909c722fb62459f42836afe32ededb

Linux b5aead0064f33ae5e693a364e3204fe1c0ac9af2 < 7ed4db315094963de0678a8adfd43c46471b9349

Linux b5aead0064f33ae5e693a364e3204fe1c0ac9af2 < 3d2634ec0d1dbe8f4b511cf5261f327c6a76f4b6

References

https://git.kernel.org/stable/c/0840d360a8909c722fb62459f...

https://git.kernel.org/stable/c/7ed4db315094963de0678a8ad...

https://git.kernel.org/stable/c/3d2634ec0d1dbe8f4b511cf52...

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 9, 2025