Bugzilla – Bug 1223307
VUL-0: CVE-2024-25743: kernel: insufficient validation during #VC instruction emulation
Last modified: 2024-07-09 10:17:23 UTC
+++ This bug was initially created as a clone of Bug #1221725 +++ +++ This bug was initially created as a clone of Bug #1221638 +++ Fixes CVE-2024-25743 Not yet fixed so far.
according to AMD Borislav it is still WIP in development.
This CVE is affecting scenarios when the hypervisor can attack its guests. This is security relevant only in setups where HV is not trusted and as such this would be only problematic in Confidential VMs. This is not a scenario we do support on the host side yet. Affected hypervisor setups used at CSPs do not offer the AMD SEV-SNP Restricted Injection feature required to fix this issue, nor is any fix available in the upstream Linux kernel.
(In reply to Joerg Roedel from comment #11) > This CVE is affecting scenarios when the hypervisor can attack its guests. > This is security relevant only in setups where HV is not trusted and as such > this would be only problematic in Confidential VMs. This is not a scenario > we do support on the host side yet. > > Affected hypervisor setups used at CSPs do not offer the AMD SEV-SNP > Restricted Injection feature required to fix this issue, nor is any fix > available in the upstream Linux kernel. Thanks for the explanations Jörg. This makes sense to me for WONTFIX. Closing