What the vulnerability does

01Description

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

Key dates

02Disclosure timeline

May 31, 2022 CVE published
August 3, 2024 Record updated