CVE-2022-49054: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49054 affects the Linux kernel's Hyper-V vmbus driver. The vulnerability was discovered when it was found that hvpanicpage might contain guest-sensitive information that could be exposed by dumping it to Hyper-V in isolated guest environments. The issue was reported by Dexuan Cui and resolved through a patch that deactivates sysctlrecordpanic_msg by default in isolated guests (Kernel Git).

The vulnerability exists in the Linux kernel's vmbus driver for Hyper-V. The issue involves the sysctlrecordpanicmsg functionality, which was previously enabled by default even in isolated guest environments. The fix modifies the vmbusbusinit function to check if isolation is supported (hvisisolationsupported()) and if so, deactivates sysctlrecordpanicmsg by default. The patch also updates comments in hyperv{panic,die}_event() functions for better clarity (Kernel Git). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

The vulnerability could potentially expose sensitive guest information through the hvpanicpage when panic messages are recorded and dumped to Hyper-V in isolated guest environments (Kernel Git).

The vulnerability has been patched by modifying the default behavior of sysctlrecordpanic_msg to be disabled in isolated guest environments. The fix has been implemented in the Linux kernel, ensuring that guest-sensitive information is not inadvertently exposed through panic message dumps (Kernel Git).