CVE-2022-49886 in Linuxinfo

Summary

by MITRE • 05/01/2025

In the Linux kernel, the following vulnerability has been resolved:

x86/tdx: Panic on bad configs that #VE on "private" memory access

All normal kernel memory is "TDX private memory". This includes everything from kernel stacks to kernel text. Handling exceptions on arbitrary accesses to kernel memory is essentially impossible because they can happen in horribly nasty places like kernel entry/exit. But, TDX hardware can theoretically _deliver_ a virtualization exception (#VE) on any access to private memory.

But, it's not as bad as it sounds. TDX can be configured to never deliver these exceptions on private memory with a "TD attribute" called ATTR_SEPT_VE_DISABLE. The guest has no way to *set* this attribute, but it can check it.

Ensure ATTR_SEPT_VE_DISABLE is set in early boot. panic() if it is unset. There is no sane way for Linux to run with this attribute clear so a panic() is appropriate.

There's small window during boot before the check where kernel has an early #VE handler. But the handler is only for port I/O and will also panic() as soon as it sees any other #VE, such as a one generated by a private memory access.

[ dhansen: Rewrite changelog and rebase on new tdx_parse_tdinfo().
Add Kirill's tested-by because I made changes since he wrote this. ]

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 11/11/2025

The vulnerability identified as CVE-2022-49886 resides within the Linux kernel's implementation of Intel Trust Domain Extensions technology, specifically addressing a critical configuration oversight that could compromise system integrity. This flaw affects systems utilizing Intel's TDX hardware virtualization capabilities where the kernel fails to properly validate the security attributes of memory regions during the early boot process. The vulnerability stems from the kernel's inability to ensure that the ATTR_SEPT_VE_DISABLE attribute is correctly set, which controls whether virtualization exceptions can be delivered for private memory accesses.

The technical implementation of this vulnerability involves the x86 architecture's Trust Domain Extensions functionality where all kernel memory is classified as "TDX private memory" encompassing kernel stacks, text segments, and other critical kernel components. The TDX hardware can theoretically generate virtualization exceptions (#VE) on any access to private memory, creating a dangerous scenario where kernel memory access faults could occur in unpredictable locations such as kernel entry and exit points. This architectural feature, while designed for security, becomes a liability when improperly configured because handling exceptions during arbitrary kernel memory accesses is fundamentally problematic due to the unpredictable nature of kernel execution contexts.

The operational impact of this vulnerability is severe as it directly threatens system stability and security. When the ATTR_SEPT_VE_DISABLE attribute is not properly set during early boot, the kernel cannot guarantee safe operation with TDX virtualization. The vulnerability creates a scenario where the system could experience unexpected panics or crashes when attempting to handle virtualization exceptions on kernel memory regions. This particular flaw affects the kernel's early boot sequence where there exists a small window before the final validation check where an early #VE handler exists, but this handler is only designed for port I/O operations and will panic upon encountering any other #VE, including those generated by private memory access attempts.

The mitigation strategy implemented in the kernel fix involves enforcing proper configuration validation during the early boot process by explicitly checking for the ATTR_SEPT_VE_DISABLE attribute and triggering a system panic if it remains unset. This approach aligns with security best practices by ensuring that the kernel operates in a known secure state rather than attempting to handle potentially dangerous scenarios. The fix is implemented through the tdx_parse_tdinfo() function and incorporates proper validation during boot initialization, ensuring that the system will not proceed with potentially insecure TDX configurations. This defensive programming approach follows the principle of fail-fast in security-sensitive contexts, as outlined in the CWE-691 category of insecure initialization of security-critical data.

The vulnerability demonstrates the importance of proper hardware security attribute validation in virtualized environments and aligns with ATT&CK techniques related to privilege escalation and system compromise through hardware-level vulnerabilities. The fix addresses a fundamental configuration error that could enable attackers to exploit the TDX implementation in ways that compromise kernel memory integrity, potentially leading to complete system compromise. This type of vulnerability highlights the critical need for proper validation of hardware security features during system initialization, as specified in industry standards for secure system design and implementation.

Responsible

Linux

Reservation

05/01/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00140

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!