Christian Borntraeger

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.50 **Description** The issue is related to a validity interception problem in the KVM (Kernel-based Virtual Machine) component of the Linux kernel when the gisa (Guest Interrupt Specification Architecture) is switched off. This can occur either by using the kernel parameter "kvm.use gisa=0" or by setting the related sysfs attribute to N. The problem arises because an uninitialized gisa origin is passed to the `virt to phys()` function before being written to the gisa designation in the SIE (System Interrupt Executor) control block. To fix this, the `kvm s390 get gisa desc()` function now returns 0 if the origin is 0, which determines the gisa designation to set in the SIE control block and disables gisa usage when the designation is 0. **Recommendations** To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the gisa usage by setting the kernel parameter "kvm.use gisa=0" or the related sysfs attribute to N until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the KVM: s390: fix setting of fpc register in the Linux kernel. The `kvm arch vcpu ioctl set fpu()` function allows setting the floating point control (fpc) register of a guest CPU. The new value is tested for validity by temporarily loading it into the fpc register. However, this may lead to corruption of the fpc register of the host process if an interrupt happens while the value is temporarily loaded and floating point or vector registers are used within the interrupt context. The fix involves removing the test, which results in a change of behavior where invalid values are now accepted instead of the ioctl failing with -EINVAL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.17-rc4 **Description** A flaw in the `kvm s390 guest sida op` function in KVM for s390 in the Linux kernel allows a local attacker with normal user privileges to obtain unauthorized memory write access. This issue is related to insufficient protection of service data, which can be exploited to gain unauthorized access to protected information. **Recommendations** For Linux kernel versions prior to 5.17-rc4, update to version 5.17-rc4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `kvm s390 guest sida op` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** linux-image-2.6.26-1-parisc-smp version 2.6.26-1 linux-image-2.6.26-1-486 version 2.6.26-1 linux-image-2.6.26-1-alpha-smp version 2.6.26-1 linux-image-2.6.26-1-iop32x version 2.6.26-1 linux-headers-2.6.26-1-common-vserver version 2.6.26-1 linux-headers-2.6.26-1-486 version 2.6.26-1 linux-headers-2.6.26-1-all version 2.6.26-1 linux-headers-2.6.26-1-s390x version 2.6.26-1 linux-headers-2.6.26-1-sparc64-smp version 2.6.26-1 linux-image-2.6.26-1-vserver-powerpc version 2.6.26-1 linux-image-2.6.26-1-vserver-686 version 2.6.26-1 linux-image-2.6.26-1-vserver-powerpc64 version 2.6.26-1 linux-image-2.6.26-1-vserver-itanium version 2.6.26-1 linux-headers-2.6.26-1-powerpc version 2.6.26-1 linux-image-2.6.26-1-alpha-generic version 2.6.26-1 linux-image-2.6.26-1-r4k-ip22 version 2.6.26-1 linux-headers-2.6.26-1-alpha-generic version 2.6.26-1 linux-image-2.6.26-1-vserver-mckinley version 2.6.26-1 linux-image-2.6.26-1-vserver-amd64 version 2.6.26-1 linux-headers-2.6.26-1-r5k-ip32 version 2.6.26-1 linux-image-2.6.26-1-powerpc version 2.6.26-1 linux-headers-2.6.26-1-vserver-itanium version 2.6.26-1 linux-headers-2.6.26-1-itanium version 2.6.26-1 linux-image-2.6.26-1-sb1-bcm91250a version 2.6.26-1 linux-headers-2.6.26-1-vserver-mckinley version 2.6.26-1 linux-image-2.6.26-1-mckinley version 2.6.26-1 linux-headers-2.6.26-1-all-i386 version 2.6.26-1 linux-headers-2.6.26-1-all-ia64 version 2.6.26-1 linux-headers-2.6.26-1-all-powerpc version 2.6.26-1 linux-image-2.6.26-1-vserver-686-bigmem version 2.6.26-1 linux-image-2.6.26-1-versatile version 2.6.26-1 linux-image-2.6.26-1-sparc64-smp version 2.6.26-1 linux-image-2.6.26-1-vserver-sparc64 version 2.6.26-1 linux-headers-2.6.26-1-vserver-686-bigmem version 2.6.26-1 linux-headers-2.6.26-1-all-hppa version 2.6.26-1 linux-image-2.6.26-1-parisc64-smp version 2.6.26-1 linux-headers-2.6.26-1-all-arm version 2.6.26-1 linux-headers-2.6.26-1-686-bigmem version 2.6.26-1 linux-image-2.6.26-1-amd64 version 2.6.26-1 linux-image-2.6.26-1-s390-tape version 2.6.26-1 linux-headers-2.6.26-1-vserver-amd64 version 2.6.26-1 linux-headers-2.6.26-1-all-mipsel version 2.6.26-1 linux-headers-2.6.26-1-xen-amd64 version 2.6.26-1 linux-headers-2.6.26-1-4kc-malta version 2.6.26-1 linux-headers-2.6.26-1-amd64 version 2.6.26-1 linux-headers-2.6.26-1-footbridge version 2.6.26-1 linux-headers-2.6.26-1-parisc-smp version 2.6.26-1 linux-headers-2.6.26-1-vserver-s390x version 2.6.26-1 linux-headers-2.6.26-1-iop32x version 2.6.26-1 linux-image-2.6.26-1-686 version 2.6.26-1 linux-support-2.6.26-1 version 2.6.26-1 linux-headers-2.6.26-1-xen-686 version 2.6.26-1 linux-image-2.6.26-1-powerpc-smp version 2.6.26-1 linux-headers-2.6.26-1-all-amd64 version 2.6.26-1 linux-headers-2.6.26-1-parisc version 2.6.26-1 linux-modules-2.6.26-1-xen-amd64 version 2.6.26-1 linux-image-2.6.26-1-sb1a-bcm91480b version 2.6.26-1 linux-image-2.6.26-1-r5k-cobalt version 2.6.26-1 linux-headers-2.6.26-1-common-openvz version 2.6.26-1 linux-headers-2.6.26-1-vserver-sparc64 version 2.6.26-1 linux-headers-2.6.26-1-openvz-amd64 version 2.6.26-1 linux-image-2.6.26-1-alpha-legacy version 2.6.26-1 linux-image-2.6.26-1-openvz-686 version 2.6.26-1 linux-headers-2.6.26-1-vserver-powerpc version 2.6.26-1 linux-headers-2.6.26-1-s390 version 2.6.26-1 linux-image-2.6.26-1-vserver-s390x version 2.6.26-1 linux-image-2.6.26-1-xen-686 version 2.6.26-1 linux-headers-2.6.26-1-versatile version 2.6.26-1 linux-headers-2.6.26-1-vserver-powerpc64 version 2.6.26-1 linux-headers-2.6.26-1-common version 2.6.26-1 linux-image-2.6.26-1-footbridge version 2.6.26-1 linux-image-2.6.26-1-parisc64 version 2.6.26-1 linux-headers-2.6.26-1-alpha-legacy version 2.6.26-1 linux-image-2.6.26-1-686-bigmem version 2.6.26-1 linux-headers-2.6.26-1-all-alpha version 2.6.26-1 linux-headers-2.6.26-1-all-armel version 2.6.26-1 linux-headers-2.6.26-1-r4k-ip22 version 2.6.26-1 linux-headers-2.6.26-1-sb1a-bcm91480b version 2.6.26-1 linux-headers-2.6.26-1-common-xen version 2.6.26-1 linux-image-2.6.26-1-s390x version 2.6.26-1 linux-headers-2.6.26-1-mckinley version 2.6.26-1 linux-image-2.6.26-1-parisc version 2.6.26-1 linux-headers-2.6.26-1-orion5x version 2.6.26-1 linux-headers-2.6.26-1-openvz-686 version 2.6.26-1 linux-headers-2.6.26-1-vserver-686 version 2.6.26-1 linux-image-2.6.26-1-sparc64 version 2.6.26-1 linux-headers-2.6.26-1-powerpc64 version 2.6.26-1 linux-image-2.6.26-1-itanium version 2.6.26-1 linux-image-2.6.26-1-orion5x version 2.6.26-1 linux-headers-2.6.26-1-ixp4xx version 2.6.26-1 linux-headers-2.6.26-1-all-sparc version 2.6.26-1 linux-image-2.6.26-1-openvz-amd64 version 2.6.26-1 linux-image-2.6.26-1-ixp4xx version 2.6.26-1 linux-headers-2.6.26-1-parisc64 version 2.6.26-1 linux-headers-2.6.26-1-powerpc-smp version 2.6.26-1 linux-headers-2.6.26-1-all-s390 version 2.6.26-1 linux-headers-2.6.26-1-5kc-malta version 2.6.26-1 linux-image-2.6.26-1-powerpc64 version 2.6.26-1 linux-modules-2.6.26-1-xen-686 version 2.6.26-1 linux-headers-2.6.26-1-686 version 2.6.26-1 linux-image-2.6.26-1-4kc-malta version 2.6.26-1 linux-image-2.6.26-1-s390 version 2.6.26-1 linux-headers-2.6.26-1-sb1-bcm91250a version 2.6.26-1 linux-headers-2.6.26-1-all-mips version 2.6.26-1 **Description** The issue affects the Linux kernel, allowing local users to cause a denial of service or possibly gain privileges via a crafted system call. The vulnerability can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.