CVE-2022-48763: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was discovered in the Linux kernel's KVM (Kernel-based Virtual Machine) x86 virtualization implementation. The issue occurs when userspace toggles SMM (System Management Mode) state via KVMSETVCPUEVENTS or KVMSYNCX86EVENTS. If userspace forces the vCPU out of SMM while it's post-VMXON and then injects an SMI, it results in an inconsistent state where both vmxon=false and smm.vmxon=false, but all other nVMX state remains allocated (Kernel Git).

The vulnerability stems from improper handling of SMM state transitions in nested virtualization. The issue manifests when vmxentersmm() overwrites vmx->nested.smm.vmxon, leading to an architecturally impossible state. The bug is particularly problematic because KVMSETVCPUEVENTS must precede KVMSETNESTEDSTATE during state restore, as the latter disallows putting the vCPU into L2 if SMM is active, and disallows tagging the vCPU as being post-VMXON in SMM if SMM is not active (Kernel Git).

The vulnerability primarily manifests as a memory leak in nVMX due to failure to free vmcs01's shadow VMCS. However, the impact extends beyond memory leaks - for example, toggling SMM on while L2 is active puts the vCPU in an architecturally impossible state, which could lead to system instability or security issues (Kernel Git).

The fix involves forcibly leaving nested virtualization operation when userspace toggles SMM state. This is implemented by adding a new leave_nested operation to the nested ops structure and calling it when SMM state changes. The fix has been implemented in the Linux kernel through a series of patches (Kernel Git).