CVE-2022-0171: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2022-0171) was discovered in the Linux kernel's KVM SEV (Secure Encrypted Virtualization) API. The flaw was discovered by Mingwei Zhang and disclosed on August 26, 2022. This vulnerability affects Linux systems with AMD CPUs that support SEV, specifically impacting the KVM (Kernel-based Virtual Machine) implementation (Ubuntu Security, NVD).

The vulnerability stems from a cache coherency issue in the SEV API implementation. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization. The issue occurs due to lack of coherency for SEV encrypted memory, where failure to flush results in silent data corruption if userspace is malicious or broken and doesn't ensure SEV guest memory is properly pinned and unpinned (Kernel Commit).

The vulnerability can lead to a denial of service condition where a non-privileged user can crash the host kernel. This affects systems running KVM with SEV-enabled AMD processors. The CVSS score for this vulnerability is 5.5 (Medium), indicating a moderate severity level (Ubuntu Security).

The vulnerability was fixed in Linux kernel version 5.18-rc4 and backported to various distributions. Ubuntu has fixed this in version 5.15.0-57.63 for 22.04 LTS (jammy), and Debian has addressed it in version 5.10.149-1 for the stable distribution (bullseye) (Ubuntu Security, Debian Security).