CVE-2022-48793
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the KVM (Kernel-based Virtual Machine) subsystem of the Linux kernel. During nested virtualization migration, improper initialization order could cause KVM to crash the host kernel, leading to denial of service. This affects systems running Linux with KVM enabled and using nested virtualization features.
💻 Affected Systems
- Linux kernel with KVM virtualization
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Host kernel panic leading to complete system crash and denial of service for all VMs and services on the affected host.
Likely Case
System crash or instability during nested VM migration operations, causing temporary service disruption.
If Mitigated
No impact if nested virtualization is disabled or migration operations are avoided.
🎯 Exploit Status
Exploitation requires local access to the host system, ability to create/migrate nested VMs, and triggering the specific code path during migration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 5.16.12, 5.15.25, 5.10.102 and later stable versions
Vendor Advisory: https://git.kernel.org/stable/c/352193edda48e08e8824a7ece09aec830a603cfe
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify the kernel version matches a patched release.
🔧 Temporary Workarounds
Disable nested virtualization
(linux) Prevents the vulnerable code path from being executed by disabling nested SVM/VMX features
echo 'options kvm-intel nested=0' > /etc/modprobe.d/kvm-intel.conf
echo 'options kvm-amd nested=0' > /etc/modprobe.d/kvm-amd.conf
update-initramfs -u
reboot
Avoid nested VM migration
(all) Operational workaround to prevent triggering the vulnerability
🧯 If You Can't Patch
- Disable nested virtualization features completely
- Restrict VM migration operations to trusted administrators only
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether nested virtualization is enabled: cat /sys/module/kvm_intel/parameters/nested or cat /sys/module/kvm_amd/parameters/nested
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched: uname -r and check it matches patched versions from your distribution
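The version and nested-parameter checks above, combined into one script as an added example (not part of the original advisory or any vendor tooling). The function names are hypothetical; the fixed versions are the ones listed under Official Fix, and release series the page gives no data for are reported as unknown.

```shell
#!/bin/sh
# Added example (not from the advisory): triage for CVE-2022-48793.
# Fixed upstream stable releases per the page: 5.16.12, 5.15.25, 5.10.102.
# Distribution kernels may backport the fix under an older number, so
# "below-fix" means "confirm against the distribution's changelog".

# classify_kernel RELEASE -> patched | below-fix | unknown
classify_kernel() {
    ver=${1%%[!0-9.]*}              # "5.15.0-91-generic" -> "5.15.0"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=0
    case $rest in *.*) patch=${rest#*.}; patch=${patch%%.*} ;; esac
    patch=${patch:-0}
    [ -n "$major" ] && [ -n "$minor" ] || { echo unknown; return; }
    case $major.$minor in
        5.16) fixed=12 ;;
        5.15) fixed=25 ;;
        5.10) fixed=102 ;;
        *)  # Later series include the fix; the page has no data on others.
            if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -gt 16 ]; }
            then echo patched; else echo unknown; fi
            return ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo below-fix; fi
}

# nested_state VALUE -> enabled | disabled | unknown
# (the parameter reads back as Y/N or 1/0 depending on module and kernel)
nested_state() {
    case $1 in
        Y|y|1) echo enabled ;;
        N|n|0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# report: print the verdict for the running host
report() {
    rel=$(uname -r)
    echo "kernel $rel: $(classify_kernel "$rel")"
    for mod in kvm_intel kvm_amd; do
        f=/sys/module/$mod/parameters/nested
        [ -r "$f" ] && echo "$mod nested: $(nested_state "$(cat "$f")")"
    done
    return 0
}
report
```

A host that reports below-fix together with nested: enabled is the combination to prioritise for patching or for the nested=0 workaround.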
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- KVM-related crash reports
- Unexpected host reboots during VM migration
Network Indicators:
- Sudden loss of connectivity to VMs during migration operations
SIEM Query:
source="kern.log" AND "kernel panic" AND ("KVM" OR "nested")
🔗 References
- https://git.kernel.org/stable/c/352193edda48e08e8824a7ece09aec830a603cfe
- https://git.kernel.org/stable/c/74b426bea4f7e3b081add2b88d4fba16d3af7ab6
- https://git.kernel.org/stable/c/e1779c2714c3023e4629825762bcbc43a3b943df