{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-49610","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:21:30.417Z","datePublished":"2025-02-26T02:23:33.299Z","dateUpdated":"2025-12-23T13:24:44.142Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-12-23T13:24:44.142Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Prevent RSB underflow before vmenter\n\nOn VMX, there are some balanced returns between the time the guest's\nSPEC_CTRL value is written, and the vmenter.\n\nBalanced returns (matched by a preceding call) are usually ok, but it's\nat least theoretically possible an NMI with a deep call stack could\nempty the RSB before one of the returns.\n\nFor maximum paranoia, don't allow *any* returns (balanced or otherwise)\nbetween the SPEC_CTRL write and the vmenter.\n\n  [ bp: Fix 32-bit build. ]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/kernel/asm-offsets.c","arch/x86/kernel/cpu/bugs.c","arch/x86/kvm/vmx/capabilities.h","arch/x86/kvm/vmx/vmenter.S","arch/x86/kvm/vmx/vmx.c","arch/x86/kvm/vmx/vmx.h","arch/x86/kvm/vmx/vmx_ops.h"],"versions":[{"version":"d28b387fb74da95d69d2615732f50cceb38e9a4d","lessThan":"afd743f6dde87296c6f3414706964c491bb85862","status":"affected","versionType":"git"},{"version":"d28b387fb74da95d69d2615732f50cceb38e9a4d","lessThan":"07853adc29a058c5fd143c14e5ac528448a72ed9","status":"affected","versionType":"git"},{"version":"44491a23b73789c0a914af4ea55ccf8968adf90b","status":"affected","versionType":"git"},{"version":"fc6aae9f407810cb153a9133c28735871f9f0a16","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/kernel/asm-offsets.c","arch/x86/kernel/cpu/bugs.c","arch/x86/kvm/vmx/capabilities.h","arch/x86/kvm/vmx/vmenter.S","arch/x86/kvm/vmx/vmx.c","arch/x86/kvm/vmx/vmx.h","arch/x86/kvm/vmx/vmx_ops.h"],"versions":[{"version":"4.16","status":"affected"},{"version":"0","lessThan":"4.16","status":"unaffected","versionType":"semver"},{"version":"5.18.14","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.16","versionEndExcluding":"5.18.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.16","versionEndExcluding":"5.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16.57"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.168"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/afd743f6dde87296c6f3414706964c491bb85862"},{"url":"https://git.kernel.org/stable/c/07853adc29a058c5fd143c14e5ac528448a72ed9"}],"title":"KVM: VMX: Prevent RSB underflow before vmenter","x_generator":{"engine":"bippy-1.2.0"}}}}