CVE-2022-49610: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49610 affects the Linux kernel's KVM (Kernel-based Virtual Machine) VMX implementation. The vulnerability was discovered in the handling of returns between SPEC_CTRL value writing and vmenter operations. It was disclosed on February 26, 2025, and affects various Linux distributions including Ubuntu versions 22.04 LTS (jammy) and 20.04 LTS (focal) (Ubuntu Security, RedHat Security).

The vulnerability exists in the VMX (Virtual Machine Extensions) component where balanced returns occur between the time the guest's SPEC_CTRL value is written and the vmenter operation. While balanced returns (matched by a preceding call) are typically safe, there's a theoretical possibility that a Non-Maskable Interrupt (NMI) with a deep call stack could empty the Return Stack Buffer (RSB) before one of the returns, potentially leading to RSB underflow attacks (Kernel Git). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with attack vector: Local, attack complexity: Low, privileges required: Low, user interaction: None, scope: Unchanged, and impact primarily on availability (RedHat Security).

The vulnerability could potentially allow an attacker to cause RSB underflow, which might lead to speculative execution attacks. The primary impact is on system availability, with no direct impact on confidentiality or integrity of the system (RedHat Security).

The vulnerability has been patched by preventing any returns (balanced or otherwise) between the SPEC_CTRL write and the vmenter operation. The fix has been implemented in the Linux kernel, and affected distributions are releasing updates. For Ubuntu systems, updates are being worked on for versions 22.04 LTS and 20.04 LTS (Ubuntu Security).