CVE-2024-45005

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50

Description The issue is related to a validity interception problem in the KVM (Kernel-based Virtual Machine) component of the Linux kernel when the gisa (Guest Interrupt Specification Architecture) is switched off. This can occur either by using the kernel parameter "kvm.use gisa=0" or by setting the related sysfs attribute to N. The problem arises because an uninitialized gisa origin is passed to the virt to phys() function before being written to the gisa designation in the SIE (System Interrupt Executor) control block. To fix this, the kvm s390 get gisa desc() function now returns 0 if the origin is 0, which determines the gisa designation to set in the SIE control block and disables gisa usage when the designation is 0.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the gisa usage by setting the kernel parameter "kvm.use gisa=0" or the related sysfs attribute to N until a patch is available.