CVE-2024-55881

MEDIUM EPSS 10.3%
Published Jan 11, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jan 11, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit() Use is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit mode as the vCPU state needed to detect 64-bit mode is unavailable. Hacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE hypercall via VMGEXIT trips the WARN: ------------[ cut here ]------------ WARNING: CPU: 273 PID: 326626 at arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm] Modules linked in: kvm_amd kvm ... [last unloaded: kvm] CPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test Not tainted 6.12.0-smp--392e932fa0f3-feat #470 Hardware name: Google Astoria/astoria, BIOS 0.20240617.0-0 06/17/2024 RIP: 0010:complete_hypercall_exit+0x44/0xe0 [kvm] Call Trace: <TASK> kvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm] kvm_vcpu_ioctl+0x54f/0x630 [kvm] __se_sys_ioctl+0x6b/0xc0 do_syscall_64+0x83/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> ---[ end trace 0000000000000000 ]---

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
10.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 15

VendorProductVersionRange
linuxlinux_kernel*≥5.15.5  –  <5.15.176
linuxlinux_kernel*≥5.16.1  –  <6.1.122
linuxlinux_kernel*≥6.2  –  <6.6.68
linuxlinux_kernel*≥6.7  –  <6.12.7
linuxlinux_kernel5.16any
linuxlinux_kernel5.16any
linuxlinux_kernel5.16any
linuxlinux_kernel5.16any
linuxlinux_kernel5.16any
linuxlinux_kernel5.16any
linuxlinux_kernel5.16any
linuxlinux_kernel5.16any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/0840d360a8909c722fb62459f42836afe32ededb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/22b5c2acd65dbe949032f619d4758a35a82fffc3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3d2634ec0d1dbe8f4b511cf5261f327c6a76f4b6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ed4db315094963de0678a8adfd43c46471b9349
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b42d1e8e4fe9dc631162c04caa69b0d1860b0f0
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0840d360a8909c722fb62459f42836afe32ededb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/22b5c2acd65dbe949032f619d4758a35a82fffc3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3d2634ec0d1dbe8f4b511cf5261f327c6a76f4b6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ed4db315094963de0678a8adfd43c46471b9349
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b42d1e8e4fe9dc631162c04caa69b0d1860b0f0
    Patch