PT-2024-33947 · Linux+2 · Linux Kernel+2

Alexander Potapenko · Published 2024-10-08 · Updated 2025-02-28 · CVE-2024-50114

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.0-rc6
Description: A use-after-free issue has been identified in the Linux kernel's arm64 KVM code and is addressed by the change "KVM: arm64: Unregister redistributor for failed vCPU creation". The issue occurs when tearing down a VM and was triggered by syzkaller. It arises because the MMIO registration for a vCPU that fails creation is not torn down properly. The fix adds a special-cased unregistration to kvm_vgic_vcpu_destroy(), which is safe because failed vCPUs are torn down outside of the config_lock.
Recommendations: For Linux kernel versions prior to 6.11.0-rc6, update to a newer version to mitigate the risk. As a temporary workaround, consider disabling the kvm_vgic_vcpu_destroy() function until a patch is available. Restrict access to the vulnerable kvm_put_kvm() function to minimize the risk of exploitation. Avoid using the kvm_vm_release() function in the affected API endpoint until the issue is resolved.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-07233
CVE-2024-50114
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
USN-7276-1
USN-7277-1
USN-7310-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu