CVE-2020-11669: 
Linux Kernel vulnerability analysis and mitigation

CVE-2020-11669 affects the Linux kernel before version 5.2 on the powerpc platform. The vulnerability exists in arch/powerpc/kernel/idle_book3s.S which does not properly implement save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR registers. The issue was discovered in April 2020 and affects Linux kernels from v4.10 to v5.1 (OSS Security).

The vulnerability stems from improper handling of Authority Mask Register (AMR), Authority Mask Override Register (AMOR), and User Authority Mask Override Register (UAMOR) during CPU idle states on POWER9 processors. When a CPU goes into or comes out of idle state, these registers are not correctly saved and restored, which means a CPU may return from idle with the AMR value of another thread on the same core (OSS Security). The vulnerability has a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability allows a local attacker in a guest VM to cause a denial of service (host system crash) on POWER9 KVM hosts. When a guest kernel sets the AMR to prevent userspace access and then goes idle, the hardware thread may later execute in the host without restoring the host AMR value. This causes the host kernel to enter a page fault loop as the AMR unexpectedly causes memory accesses to fail, eventually rendering the host unusable (OSS Security).

The vulnerability was fixed in Linux kernel v5.2 by commit 53a712bae5dd which implements proper save/restore functionality for the affected registers in the idle state handling code (Kernel Commit). The fix has been backported to stable kernel versions 4.19 and 4.14. Red Hat Enterprise Linux 8 kernels from version 4.18.0-147 onwards include the fix (Red Hat).