CVE-2022-39189
Description
An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-2148.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-2458.html
Vendor advisory: alma — https://bugzilla.redhat.com/2177371
Vendor advisory: alma — https://bugzilla.redhat.com/2165741
Vendor advisory: alma — https://bugzilla.redhat.com/2147364
Vendor advisory: alma — https://bugzilla.redhat.com/2139610
Vendor advisory: alma — https://bugzilla.redhat.com/2134380
Vendor advisory: alma — https://bugzilla.redhat.com/2133490
Vendor advisory: alma — https://bugzilla.redhat.com/2107924
Vendor advisory: alma — https://bugzilla.redhat.com/2106830
Vendor advisory: alma — https://bugzilla.redhat.com/2089701
Vendor advisory: alma — https://bugzilla.redhat.com/2073091
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-2736.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:2736
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-2951.html
Vendor advisory: alma — https://bugzilla.redhat.com/2180936
Vendor advisory: alma — https://bugzilla.redhat.com/2176192
Vendor advisory: alma — https://bugzilla.redhat.com/2168297
Vendor advisory: alma — https://bugzilla.redhat.com/2168246
Vendor advisory: alma — https://bugzilla.redhat.com/2165721
Vendor advisory: alma — https://bugzilla.redhat.com/2162120
Vendor advisory: alma — https://bugzilla.redhat.com/2160023
Vendor advisory: alma — https://bugzilla.redhat.com/2154235
Vendor advisory: alma — https://bugzilla.redhat.com/2154171
Vendor advisory: alma — https://bugzilla.redhat.com/2151270
Vendor advisory: alma — https://bugzilla.redhat.com/2150999
Vendor advisory: alma — https://bugzilla.redhat.com/2150979
Vendor advisory: alma — https://bugzilla.redhat.com/2150960
Vendor advisory: alma — https://bugzilla.redhat.com/2150947
Vendor advisory: alma — https://bugzilla.redhat.com/2144720
Vendor advisory: alma — https://bugzilla.redhat.com/2143943
Vendor advisory: alma — https://bugzilla.redhat.com/2143893
Vendor advisory: alma — https://bugzilla.redhat.com/2137979
Vendor advisory: alma — https://bugzilla.redhat.com/2134528
Vendor advisory: alma — https://bugzilla.redhat.com/2134517
Vendor advisory: alma — https://bugzilla.redhat.com/2134506
Vendor advisory: alma — https://bugzilla.redhat.com/2134451
Vendor advisory: alma — https://bugzilla.redhat.com/2134377
Vendor advisory: alma — https://bugzilla.redhat.com/2133483
Vendor advisory: alma — https://bugzilla.redhat.com/2130141
Vendor advisory: alma — https://bugzilla.redhat.com/2127985
Vendor advisory: alma — https://bugzilla.redhat.com/2124788
Vendor advisory: alma — https://bugzilla.redhat.com/2123056
Vendor advisory: alma — https://bugzilla.redhat.com/2122960
Vendor advisory: alma — https://bugzilla.redhat.com/2122228
Vendor advisory: alma — https://bugzilla.redhat.com/2114937
Vendor advisory: alma — https://bugzilla.redhat.com/2108696
Vendor advisory: alma — https://bugzilla.redhat.com/2108691
Vendor advisory: alma — https://bugzilla.redhat.com/2090723
Vendor advisory: alma — https://bugzilla.redhat.com/2085300
Vendor advisory: alma — https://bugzilla.redhat.com/2084125
Vendor advisory: alma — https://bugzilla.redhat.com/2078466
Vendor advisory: alma — https://bugzilla.redhat.com/2061703
Vendor advisory: alma — https://bugzilla.redhat.com/2055499
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:2951
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2022-39189
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-39189.html
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:2458
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:2148
Mitigation details
Description
kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning
Red Hat statement
With the current use case, an attacker needs root privileges to exploit this flaw; however, there may be ways to defeat this as well, but in both cases it seems that Attack Complexity is high (AC:H).
CVSS v3: 7.0 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | kernel-rt-0:4.18.0-477.10.1.rt7.274.el8_8 | RHSA-2023:2736 | 2023-05-16T00:00:00Z |
| Red Hat Enterprise Linux 8 | kernel-0:4.18.0-477.10.1.el8_8 | RHSA-2023:2951 | 2023-05-16T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Extended Update Support | kernel-0:4.18.0-372.91.1.el8_6 | RHSA-2024:0724 | 2024-02-07T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-284.11.1.el9_2 | RHSA-2023:2458 | 2023-05-09T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2 | RHSA-2023:2148 | 2023-05-09T00:00:00Z |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | kernel-0:4.18.0-372.91.1.el8_6 | RHSA-2024:0724 | 2024-02-07T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Out of support scope |
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope |
Apply commands
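```
# Updates the real-time kernel (kernel-rt); for the standard kernel,
# update the "kernel" package listed in the errata table instead.
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt
# Reboot into the updated kernel for the fix to take effect.
```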
Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | | affected | |
| debian | bookworm | fixed | 5.19.6-1 |
| debian | bullseye | fixed | 5.10.191-1 |
| debian | forky | fixed | 5.19.6-1 |
| debian | sid | fixed | 5.19.6-1 |
| debian | trixie | fixed | 5.19.6-1 |
| almalinux | 8 | fixed | kernel-doc-4.18.0-477.10.1.el8_8.noarch.rpm |
| almalinux | 9 | fixed | kernel-doc-5.14.0-284.11.1.el9_2.noarch.rpm |