{"id":"CVE-2022-48727","summary":"KVM: arm64: Avoid consuming a stale esr value when SError occur","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Avoid consuming a stale esr value when SError occur\n\nWhen any exception other than an IRQ occurs, the CPU updates the ESR_EL2\nregister with the exception syndrome. An SError may also become pending,\nand will be synchronised by KVM. KVM notes the exception type, and whether\nan SError was synchronised in exit_code.\n\nWhen an exception other than an IRQ occurs, fixup_guest_exit() updates\nvcpu-\u003earch.fault.esr_el2 from the hardware register. When an SError was\nsynchronised, the vcpu esr value is used to determine if the exception\nwas due to an HVC. If so, ELR_EL2 is moved back one instruction. This\nis so that KVM can process the SError first, and re-execute the HVC if\nthe guest survives the SError.\n\nBut if an IRQ synchronises an SError, the vcpu's esr value is stale.\nIf the previous non-IRQ exception was an HVC, KVM will corrupt ELR_EL2,\ncausing an unrelated guest instruction to be executed twice.\n\nCheck ARM_EXCEPTION_CODE() before messing with ELR_EL2, IRQs don't\nupdate this register so don't need to check.","modified":"2026-03-20T12:21:47.649142Z","published":"2024-06-20T11:13:16.668Z","related":["SUSE-SU-2024:2372-1","SUSE-SU-2024:2394-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48727.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1c71dbc8a179d99dd9bb7e7fc1888db613cf85de"},{"type":"WEB","url":"https://git.kernel.org/stable/c/57e2986c3b25092691a6e3d6ee9168caf8978932"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e1e852746997500f1873f60b954da5f02cc2dba3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48727.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48727"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"defe21f49bc98b095300752aa1e19bb608f3e97d"},{"fixed":"e1e852746997500f1873f60b954da5f02cc2dba3"},{"fixed":"57e2986c3b25092691a6e3d6ee9168caf8978932"},{"fixed":"1c71dbc8a179d99dd9bb7e7fc1888db613cf85de"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48727.json"}}],"schema_version":"1.7.5"}