Vulnerability Details CVE-2022-50227
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/xen: Initialize Xen timer only once
Add a check for existing xen timers before initializing a new one.
Currently kvm_xen_init_timer() is called on every
KVM_XEN_VCPU_ATTR_TYPE_TIMER, which is causing the following ODEBUG
crash when vcpu->arch.xen.timer is already set.
ODEBUG: init active (active state 0)
object type: hrtimer hint: xen_timer_callbac0
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:502
Call Trace:
__debug_object_init
debug_hrtimer_init
debug_init
hrtimer_init
kvm_xen_init_timer
kvm_xen_vcpu_set_attr
kvm_arch_vcpu_ioctl
kvm_vcpu_ioctl
vfs_ioctl
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.3%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2022-50227
-
cpe:2.3:o:linux:linux_kernel:5.19
-
cpe:2.3:o:linux:linux_kernel:5.19.1