PT-2023-14106 · Suse · Suse
Published: 2023-05-17 · Updated: 2025-01-22 · CVE-2022-42336
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
No specific software or versions are mentioned in the provided descriptions.
Description
The issue concerns the mishandling of guest SSBD selection on AMD hardware, specifically AMD Family 17h and Hygon Family 18h processors. The current logic to set SSBD requires coordination at the core level, because the setting is shared between threads. A per-core counter of threads that have SSBD active is used to keep track of how many threads require SSBD active. However, when running on the mentioned hardware, it is possible for a guest to underflow or overflow the thread counter, because each write to VIRT_SPEC_CTRL.SSBD by the guest gets propagated to the helper that does the per-core active accounting. Underflowing the counter causes the value to get saturated, and thus attempts by guests running on the same core to set SSBD won't have any effect, because the hypervisor assumes it is already active.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
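The counter behaviour described under Description can be seen in a small model. This is an added example, not code from the advisory or from any hypervisor: the struct, the function names, the two-thread core and the write sequence are assumptions made for illustration, and the checked path is one way to keep the accounting consistent, not the vendor's fix.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model (assumed, not hypervisor code): one core with two threads. */
struct core {
    unsigned int count;   /* threads that currently require SSBD */
    bool hw_ssbd;         /* modelled core-wide SSBD setting */
    bool want[2];         /* per-thread state, used by the checked path only */
};

/* Per-core accounting helper: the shared setting changes only when the
 * counter moves between 0 and 1. */
static void core_account(struct core *c, bool enable)
{
    if (enable)
        c->count++;
    else
        c->count--;       /* unsigned: wraps when already 0 */
    if (enable ? c->count == 1 : c->count == 0)
        c->hw_ssbd = enable;
}

/* Flawed path: every guest write reaches the helper, repeated values too. */
static void guest_write_unchecked(struct core *c, int thread, bool ssbd)
{
    (void)thread;
    core_account(c, ssbd);
}

/* Checked path: only a real change of this thread's state is accounted. */
static void guest_write_checked(struct core *c, int thread, bool ssbd)
{
    if (c->want[thread] == ssbd)
        return;
    c->want[thread] = ssbd;
    core_account(c, ssbd);
}

typedef void (*write_fn)(struct core *, int, bool);

/* Constructed sequence: thread 0 clears SSBD twice without having set it,
 * then thread 1 requests SSBD. Returns whether the core-wide setting is on. */
static bool sibling_protected(write_fn guest_write)
{
    struct core c = {0};
    guest_write(&c, 0, false);
    guest_write(&c, 0, false);
    guest_write(&c, 1, true);   /* unchecked: count is huge, helper skips the enable */
    return c.hw_ssbd;
}

int main(void)
{
    printf("unchecked: %d\n", sibling_protected(guest_write_unchecked));
    printf("checked:   %d\n", sibling_protected(guest_write_checked));
    return 0;
}
```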
Affected Products
Suse