{"id":"CVE-2022-48765","summary":"KVM: LAPIC: Also cancel preemption timer during SET_LAPIC","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: LAPIC: Also cancel preemption timer during SET_LAPIC\n\nThe below warning is splatting during guest reboot.\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm]\n  CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G          I       5.17.0-rc1+ #5\n  RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm]\n  Call Trace:\n   \u003cTASK\u003e\n   kvm_vcpu_ioctl+0x279/0x710 [kvm]\n   __x64_sys_ioctl+0x83/0xb0\n   do_syscall_64+0x3b/0xc0\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fd39797350b\n\nThis can be triggered by not exposing tsc-deadline mode and doing a reboot in\nthe guest. The lapic_shutdown() function which is called in sys_reboot path\nwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clears\nAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-mode\nswitch between tsc-deadline and oneshot/periodic, which can result in preemption\ntimer be cancelled in apic_update_lvtt(). However, We can't depend on this when\nnot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemption\ntimer. Qemu will synchronise states around reset, let's cancel preemption timer\nunder KVM_SET_LAPIC.","modified":"2026-04-02T08:26:59.144947Z","published":"2024-06-20T11:13:41.830Z","related":["SUSE-SU-2024:2372-1","SUSE-SU-2024:2394-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48765.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/35fe7cfbab2e81f1afb23fc4212210b1de6d9633"},{"type":"WEB","url":"https://git.kernel.org/stable/c/54b3439c8e70e0bcfea59aeef9dd98908cbbf655"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ce55f63f6cea4cab8ae9212f73285648a5baa30d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48765.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48765"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8003c9ae204e21204e49816c5ea629357e283b06"},{"fixed":"54b3439c8e70e0bcfea59aeef9dd98908cbbf655"},{"fixed":"ce55f63f6cea4cab8ae9212f73285648a5baa30d"},{"fixed":"35fe7cfbab2e81f1afb23fc4212210b1de6d9633"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48765.json"}}],"schema_version":"1.7.5"}