Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
CVE-2022-49883: KVM on 64-bit Linux: Guest Data Corruption from Incorrect RAM Access
CVE-2022-49883
Summary
A vulnerability in the Linux kernel's KVM virtualization feature on 64-bit systems could allow an attacker to access and potentially corrupt guest data. This issue occurs when a guest system without a specific feature is run on a 64-bit host. To mitigate this issue, ensure your Linux kernel is up to date, especially if you're running virtualized systems.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| linux | linux_kernel |
>= 6.0, < 6.0.8 6.1 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
Original title
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format
On 64 bit host, if the guest doesn't have X86_FEAT...
Original description
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format
On 64 bit host, if the guest doesn't have X86_FEATURE_LM, KVM will
access 16 gprs to 32-bit smram image, causing out-ouf-bound ram
access.
On 32 bit host, the rsm_load_state_64/enter_smm_save_state_64
is compiled out, thus access overflow can't happen.
KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format
On 64 bit host, if the guest doesn't have X86_FEATURE_LM, KVM will
access 16 gprs to 32-bit smram image, causing out-ouf-bound ram
access.
On 32 bit host, the rsm_load_state_64/enter_smm_save_state_64
is compiled out, thus access overflow can't happen.
nvd CVSS3.1
7.1
Vulnerability type
CWE-125
Out-of-bounds Read
Published: 1 May 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026