CVE-2022-49557
📋 TL;DR
A memory corruption vulnerability in the Linux kernel's KVM subsystem allows out-of-bounds writes when handling FPU state for virtual machines. This affects systems running KVM virtualization on older CPUs without XSAVE support, potentially leading to kernel crashes or data corruption. The vulnerability is triggered during VM migration or FPU state operations.
💻 Affected Systems
- Linux Kernel with KVM virtualization
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel crash leading to host system instability, potential denial of service for all VMs on the host, or data corruption in kernel memory structures.
Likely Case
Kernel panic or system crash when migrating VMs between hosts with different CPU capabilities, particularly from newer to older hardware without XSAVE support.
If Mitigated
Minor performance impact from KASAN catching the out-of-bounds write, with system remaining operational but potentially logging warnings.
🎯 Exploit Status
Exploitation requires KVM access and specific conditions (migration between hosts with different CPU capabilities). The vulnerability was discovered through normal development/testing processes.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 9cf15ebb7dedfe2f27120743b8ea8441c99ac73c, c181acbd1a427859d5fda543b95fbae28f7f6068, d187ba5312307d51818beafaad87d28a7d939adf
Vendor Advisory: https://git.kernel.org/stable/c/9cf15ebb7dedfe2f27120743b8ea8441c99ac73c
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check your distribution's security advisories for backported patches.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Disable KVM on affected hardware
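Prevent use of KVM virtualization on systems with CPUs lacking XSAVE support
modprobe -r kvm_intel
modprobe -r kvm_amd
# Blacklist the vendor modules as well: blacklisting kvm alone does not stop it being loaded as a dependency of kvm_intel or kvm_amd
printf 'blacklist kvm_intel\nblacklist kvm_amd\nblacklist kvm\n' >> /etc/modprobe.d/blacklist.conf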
Avoid VM migration to older hardware
Prevent migrating virtual machines to hosts with CPUs that don't support XSAVE
🧯 If You Can't Patch
- Avoid migrating VMs between hosts with different CPU capabilities
- Disable KVM virtualization on systems with Core2 or other non-XSAVE CPUs
🔍 How to Verify
Check if Vulnerable:
Check kernel version and CPU capabilities: uname -r and grep xsave /proc/cpuinfo
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or check with distribution's security update status
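The two checks above can be combined into one triage step; the script below is an added example, not part of the original advisory or of any kernel tooling. The function names are hypothetical, and it assumes KVM is built as loadable modules (a built-in KVM does not appear in /proc/modules).

```shell
#!/bin/sh
# Added example: classify a host's exposure to CVE-2022-49557 from the two
# conditions the advisory names: KVM in use and a CPU without XSAVE.
# File paths are parameters so the logic can be run on saved copies.

# has_xsave CPUINFO: exit 0 if the first "flags" line lists xsave as a
# whole word (so xsaveopt or xsavec alone do not count).
has_xsave() {
    grep -m1 '^flags' "$1" | grep -qw 'xsave'
}

# kvm_loaded MODULES: exit 0 if kvm, kvm_intel or kvm_amd is loaded.
# Assumption: KVM is modular; built-in KVM is not detected here.
kvm_loaded() {
    grep -Eq '^kvm(_intel|_amd)? ' "$1"
}

# classify_host [CPUINFO] [MODULES] prints one of:
#   no-kvm         KVM modules not loaded on this host
#   xsave-present  CPU has XSAVE; not the configuration the advisory describes
#   check-kernel   KVM loaded on a non-XSAVE CPU; confirm the running kernel
#                  carries the fix commits or a distribution backport
classify_host() {
    cpuinfo=${1:-/proc/cpuinfo}
    modules=${2:-/proc/modules}
    if ! kvm_loaded "$modules"; then
        echo no-kvm
    elif has_xsave "$cpuinfo"; then
        echo xsave-present
    else
        echo check-kernel
    fi
}

# Run against the live host only when asked: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    printf '%s kernel=%s\n' "$(classify_host)" "$(uname -r)"
fi
```

A `check-kernel` result does not by itself mean the host is vulnerable; the kernel version still has to be compared against the distribution's advisory.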
📡 Detection & Monitoring
Log Indicators:
- KASAN reports of slab-out-of-bounds writes
- Kernel panic messages related to FPU or KVM
- Warnings about FPU state corruption
Network Indicators:
- Unusual VM migration failures
SIEM Query:
kernel:("KASAN: slab-out-of-bounds" OR "fpu_copy_uabi_to_guest_fpstate") OR kvm:("FPU" OR "migration failure")