Linux KVM Instruction Emulation Issue

KVM instruction emulation can run while KVM_VCPU_PREEMPTED is set, which can lead other vcpus to skip sending TLB flush IPIs. As a consequence, KVM instruction emulation can access memory through stale translations when the guest kernel thinks it has flushed all cached translations. This could potentially be used by unprivileged userspace inside a guest to compromise the guest kernel.

SHA-256 | 16fd49b64aee26c8f9a9ad6cb4265e74537f37bede65109a50798f82ac77833b

Related Posts