high
7.8
CWE
416
Advisory Published
Updated

CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()

First published: Thu Mar 06 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Explicitly verify the target vCPU is fully online _prior_ to clamping the index in kvm_get_vcpu(). If the index is "bad", the nospec clamping will generate '0', i.e. KVM will return vCPU0 instead of NULL. In practice, the bug is unlikely to cause problems, as it will only come into play if userspace or the guest is buggy or misbehaving, e.g. KVM may send interrupts to vCPU0 instead of dropping them on the floor. However, returning vCPU0 when it shouldn't exist per online_vcpus is problematic now that KVM uses an xarray for the vCPUs array, as KVM needs to insert into the xarray before publishing the vCPU to userspace (see commit c5b077549136 ("KVM: Convert the kvm->vcpus array to a xarray")), i.e. before vCPU creation is guaranteed to succeed. As a result, incorrectly providing access to vCPU0 will trigger a use-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu() bails out of vCPU creation due to an error and frees vCPU0. Commit afb2acb2e3a3 ("KVM: Fix vcpu_array[0] races") papered over that issue, but in doing so introduced an unsolvable teardown conundrum. Preventing accesses to vCPU0 before it's fully online will allow reverting commit afb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel>=4.14.120<4.15
Linux Kernel>=4.19.44<4.20
Linux Kernel>=5.0.17<5.4.291
Linux Kernel>=5.5<5.10.235
Linux Kernel>=5.11<5.15.179
Linux Kernel>=5.16<6.1.129
Linux Kernel>=6.2<6.6.78
Linux Kernel>=6.7<6.12.14
Linux Kernel>=6.13<6.13.3

Remedy

https://git.kernel.org/stable/c/09d50ccf0b2d739db4a485b08afe7520a4402a63

Remedy

https://git.kernel.org/stable/c/125da53b3c0c9d7f58353aea0076e9efd6498ba7

Remedy

https://git.kernel.org/stable/c/1e7381f3617d14b3c11da80ff5f8a93ab14cfc46

Remedy

https://git.kernel.org/stable/c/5cce2ed69b00e022b5cdf0c49c82986abd2941a8

Remedy

https://git.kernel.org/stable/c/7c4899239d0f70f88ac42665b3da51678d122480

Remedy

https://git.kernel.org/stable/c/ca8da90ed1432ff3d000de4f1e2275d4e7d21b96

Remedy

https://git.kernel.org/stable/c/d817e510662fd1c9797952408d94806f97a5fffd

Remedy

https://git.kernel.org/stable/c/f2f805ada63b536bc192458a7098388286568ad4

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-58083?

    The severity of CVE-2024-58083 is considered to be high due to potential exploitation affecting kernel operations.

  • How do I fix CVE-2024-58083?

    To fix CVE-2024-58083, update your Linux kernel to the latest version where the vulnerability has been patched.

  • What systems are affected by CVE-2024-58083?

    CVE-2024-58083 affects all versions of the Linux kernel prior to the patch that addresses this vulnerability.

  • What impact does CVE-2024-58083 have?

    CVE-2024-58083 can lead to unauthorized access to vCPU management functions, potentially compromising system stability.

  • When was CVE-2024-58083 made public?

    CVE-2024-58083 was publicly disclosed when the associated patch was released, enabling users to become aware of the issue.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203