CVE-2022-48763
📋 TL;DR
CVE-2022-48763 is a Linux kernel bug in KVM's x86 nested-virtualization handling. If userspace toggles a vCPU's SMM state (through the KVM_SET_VCPU_EVENTS ioctl, or KVM_SYNC_X86_EVENTS in the shared kvm_run structure) while that vCPU is in nested virtualization, KVM does not leave nested mode first. The result is leaked nested-VMX allocations (vmcs01's shadow VMCS is never freed and KVM emits a WARN) and a vCPU whose nested state is architecturally impossible, for example vmxon and smm.vmxon both false while the rest of the nVMX state is still allocated. It affects Linux hosts running KVM with nested virtualization enabled. Triggering it requires a process with access to the KVM interface (a compromised or malicious VMM such as QEMU, or a local user who can open /dev/kvm), not merely code running inside a guest; such a process can leak host kernel memory on demand and, on hosts configured with panic_on_warn, take the host down.
💻 Affected Systems
- Linux kernel hosts using KVM on x86 (kvm_intel or kvm_amd) with nested virtualization enabled, running a kernel without the fix commits listed under References
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
A process holding a KVM vCPU file descriptor can drive the host kernel into a WARN and an unfreed allocation at will. On hosts running with kernel.panic_on_warn=1 that WARN is a host panic, i.e. denial of service for every guest on the machine. Elsewhere the vCPU is left with nested-virtualization state that KVM's own invariants say cannot exist, so later operations on that vCPU run against inconsistent data. The leak is a resource leak (memory that is never freed), not a disclosure of memory contents.
Likely Case
Repeated triggering leaks kernel memory (the shadow VMCS backing vmcs01 is never freed) and fills the kernel log with WARNs; over time this means memory pressure and instability on the host.
If Mitigated
Limited: with nested virtualization disabled a vCPU can never be post-VMXON, so the faulty transition is unreachable, and restricting /dev/kvm to trusted VMM processes removes the ability to issue the ioctl at all.
🎯 Exploit Status
Triggering the bug requires a userspace process on the host that can open /dev/kvm, create a VM and a vCPU, and then toggle that vCPU's SMM state with KVM_SET_VCPU_EVENTS while it is in nested virtualization. Code running inside a guest cannot reach this path directly; the realistic attacker is a compromised or malicious VMM process, or a local user with /dev/kvm access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any kernel carrying the fix "KVM: x86: Forcibly leave nested virt when SMM state is toggled" (commit 080dbe7e9b86a0392d8dffc00d9971792afc121f on the stable branch linked below; the other commits listed under References are the same fix on other branches)
Vendor Advisory: https://git.kernel.org/stable/c/080dbe7e9b86a0392d8dffc00d9971792afc121f
Restart Required: Yes
Instructions:
1. Update to a kernel that contains the fix: for distribution kernels, the package version named in your distribution's advisory for CVE-2022-48763; for self-built kernels, a tree that includes the fix commit for your branch (e.g. 'git merge-base --is-ancestor 080dbe7e9b86a0392d8dffc00d9971792afc121f HEAD' exits 0).
2. Reboot so the new kernel is running.
3. Confirm with 'uname -r' that the running kernel is the patched one (the version string does not contain commit hashes, so compare it with the package or build you installed).
🔧 Temporary Workarounds
Disable nested virtualization
Prevents the faulty transition: with nested=0 a guest cannot enter VMX or SVM operation, so a vCPU is never post-VMXON when userspace toggles its SMM state. Only the vendor module matching the host CPU is loaded, and it cannot be unloaded while any VM is running, so stop all guests before reloading it.
echo 'options kvm_intel nested=0' > /etc/modprobe.d/kvm-intel.conf
echo 'options kvm_amd nested=0' > /etc/modprobe.d/kvm-amd.conf
rmmod kvm_intel && modprobe kvm_intel   # Intel hosts
rmmod kvm_amd && modprobe kvm_amd       # AMD hosts
Afterwards 'cat /sys/module/kvm_intel/parameters/nested' should print N (for kvm_amd, 0).
Restrict KVM interface access
Limits who can open /dev/kvm, and therefore who can issue the vCPU ioctl at all, to root and members of the kvm group. udev may recreate /dev/kvm with the distribution's default permissions at boot, so make the restriction permanent by overriding the default udev rule rather than relying on a one-off chmod, and keep membership of the kvm group to the accounts that actually run VMMs.
chmod 660 /dev/kvm
chown root:kvm /dev/kvm
🧯 If You Can't Patch
- Disable nested virtualization in KVM configuration
- Restrict access to KVM interface to minimal required users
🔍 How to Verify
Check if Vulnerable:
A host is exposed when its running kernel predates the fix and nested virtualization is enabled, so check both: compare 'uname -r' with the fixed version in your distribution's advisory for CVE-2022-48763, and run 'cat /sys/module/kvm_intel/parameters/nested' (Y means enabled) or 'cat /sys/module/kvm_amd/parameters/nested' (1 means enabled), whichever module is loaded.
Check Version:
uname -r
Verify Fix Applied:
The version string from 'uname -r' never contains commit hashes; compare it with the package version your distribution's advisory lists as fixed for CVE-2022-48763. For a self-built kernel, confirm the fix is in the source tree with 'git merge-base --is-ancestor 080dbe7e9b86a0392d8dffc00d9971792afc121f HEAD' (use whichever of the listed commits belongs to your branch) and that the running kernel was built from that tree.
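The two workarounds and the verification steps above, combined into one script as an added example (this is not code from the page or from the kernel project). It assumes a Linux host where /proc/modules lists the loaded vendor module as kvm_intel or kvm_amd, where kvm_intel reports its nested parameter as Y/N and kvm_amd as 1/0, and where a udev rule in /etc/udev/rules.d that sorts after the distribution's default rule can override the /dev/kvm mode; the file names kvm-intel.conf, kvm-amd.conf and 60-kvm-restrict.rules are choices made here. The functions take paths as parameters so they can be exercised against constructed files, and the script changes nothing unless invoked with 'apply'.

```sh
#!/bin/sh
# Added example (not from the kernel project or the original page): report and,
# on request, apply the interim workarounds for CVE-2022-48763 on a KVM host.
# Usage: sh kvm_cve_2022_48763.sh report      # show current state, change nothing
#        sh kvm_cve_2022_48763.sh apply       # write configs, reload module, fix /dev/kvm
set -u

# Print which KVM vendor module is loaded ("kvm_intel", "kvm_amd" or "none"),
# reading a /proc/modules-style file (path is a parameter for testing).
kvm_vendor_module() {
    modules_file=${1:-/proc/modules}
    [ -r "$modules_file" ] || { echo none; return 0; }
    if grep -q '^kvm_intel ' "$modules_file"; then echo kvm_intel
    elif grep -q '^kvm_amd ' "$modules_file"; then echo kvm_amd
    else echo none; fi
}

# Normalise a module's sysfs "nested" parameter to on/off/unknown.
# Assumption: kvm_intel exposes Y/N, kvm_amd exposes 1/0.
nested_state() {
    param_file=$1
    [ -r "$param_file" ] || { echo unknown; return 0; }
    case "$(cat "$param_file")" in
        Y|1) echo on ;;
        N|0) echo off ;;
        *)   echo unknown ;;
    esac
}

# Write modprobe options so both vendor modules load with nested=0 next time.
write_nested_off_conf() {
    conf_dir=${1:-/etc/modprobe.d}
    printf 'options kvm_intel nested=0\n' > "$conf_dir/kvm-intel.conf"
    printf 'options kvm_amd nested=0\n'   > "$conf_dir/kvm-amd.conf"
}

# Persist restrictive /dev/kvm permissions with a udev rule (file name chosen here)
# that sorts after the distribution's default rule and so overrides its MODE.
write_kvm_udev_rule() {
    rules_dir=${1:-/etc/udev/rules.d}
    printf 'KERNEL=="kvm", GROUP="kvm", MODE="0660"\n' > "$rules_dir/60-kvm-restrict.rules"
}

# True only if no process holds /dev/kvm open: the vendor module cannot be
# reloaded while a VM is running, so apply() refuses in that case.
kvm_device_idle() {
    if command -v fuser >/dev/null 2>&1; then
        ! fuser -s /dev/kvm 2>/dev/null
    else
        ! ls -l /proc/[0-9]*/fd 2>/dev/null | grep -q ' -> /dev/kvm$'
    fi
}

report() {
    mod=$(kvm_vendor_module)
    echo "kernel:            $(uname -r)"
    echo "kvm vendor module: $mod"
    [ "$mod" = none ] || echo "nested:            $(nested_state "/sys/module/$mod/parameters/nested")"
    [ -e /dev/kvm ] && echo "/dev/kvm mode:     $(stat -c '%a %U:%G' /dev/kvm)"
    echo "panic_on_warn:     $(cat /proc/sys/kernel/panic_on_warn 2>/dev/null || echo unknown)"
}

apply() {
    write_nested_off_conf
    write_kvm_udev_rule
    mod=$(kvm_vendor_module)
    if [ "$mod" != none ]; then
        kvm_device_idle || { echo "refusing to reload $mod: /dev/kvm is in use" >&2; return 1; }
        rmmod "$mod" && modprobe "$mod"
    fi
    chown root:kvm /dev/kvm && chmod 660 /dev/kvm
    report
}

case "${1:-}" in
    report) report ;;
    apply)  apply ;;
esac
```

Run 'report' first on every host; 'apply' is only appropriate on a host where all guests have been stopped, because the module reload is refused (and would fail anyway) while /dev/kvm is open.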
📡 Detection & Monitoring
Log Indicators:
- 'WARNING: CPU: n PID: m at ...' lines in the kernel log that name free_loaded_vmcs or arch/x86/kvm/vmx/vmx.c (the WARN the fix commit describes, raised because vmcs01's shadow VMCS was still allocated when the vCPU's nested state was torn down)
- kmemleak 'unreferenced object' reports with KVM allocation backtraces, on hosts with kmemleak enabled
- Host panics or oopses with KVM functions on the stack, or an unexplained host reboot on a host running with panic_on_warn=1
Network Indicators:
- None; the bug is reached only through local KVM ioctls on the host.
SIEM Query:
source="kernel" AND ("free_loaded_vmcs" OR ("WARNING" AND "arch/x86/kvm"))
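A scanner over kernel log text for the indicators listed above, as an added example (not from the page or the kernel project) for hosts without a SIEM. It matches WARNING lines that name free_loaded_vmcs or arch/x86/kvm/vmx/vmx.c, in either of the two formats the kernel uses for the location ("at file:line func+off" and "at func file:line"), and kmemleak 'unreferenced object' lines; the tag names vmx-warn and kmemleak are choices made here, and any sample lines used to exercise it are constructed, not captured from a real host.

```sh
#!/bin/sh
# Added example, not from the original page or the kernel project.
# Scan kernel log text for the two artefacts the fix commit for CVE-2022-48763
# describes: a WARN raised from free_loaded_vmcs() in arch/x86/kvm/vmx/vmx.c,
# and kmemleak reports of unreferenced objects.
# Usage: dmesg | sh kvm_log_scan.sh scan
#        journalctl -k | sh kvm_log_scan.sh count vmx-warn
set -u

# Read log lines on stdin; print "<tag><TAB><line>" for each hit.
# Tags (names chosen here): vmx-warn, kmemleak. Exit 0 if anything matched, else 1.
scan_kvm_log() {
    awk '
        # A WARN header naming the function or the file, whichever order the
        # kernel printed them in.
        /WARNING: CPU: [0-9]+ PID: [0-9]+/ && (/free_loaded_vmcs/ || /arch\/x86\/kvm\/vmx\/vmx\.c/) {
            print "vmx-warn\t" $0; hit = 1; next
        }
        # kmemleak summary line for one leaked allocation.
        /unreferenced object 0x[0-9a-f]+ \(size [0-9]+\)/ {
            print "kmemleak\t" $0; hit = 1; next
        }
        END { exit hit ? 0 : 1 }
    '
}

# Count hits for one tag, for building a threshold alert (e.g. more than a
# handful of kmemleak reports per hour from a VMM process).
count_hits() {
    tag=${1:-vmx-warn}
    scan_kvm_log | awk -F'\t' -v t="$tag" '$1 == t { n++ } END { print n + 0 }'
}

case "${1:-}" in
    scan)  scan_kvm_log ;;
    count) count_hits "${2:-vmx-warn}" ;;
esac
```

The WARN is emitted once per offending transition and kmemleak only reports if it is compiled in and scanning, so a host that shows neither is not proven clean; the authoritative check remains the kernel version.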
🔗 References
- https://git.kernel.org/stable/c/080dbe7e9b86a0392d8dffc00d9971792afc121f
- https://git.kernel.org/stable/c/b4c0d89c92e957ecccce12e66b63875d0cc7af7e
- https://git.kernel.org/stable/c/e302786233e6bc512986d007c96458ccf5ca21c7
- https://git.kernel.org/stable/c/f7e570780efc5cec9b2ed1e0472a7da14e864fdb