CVE-2024-25743: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-25743 (also known as part of "WeSee") is a vulnerability discovered in the Linux kernel through version 6.9, affecting AMD SEV-SNP and AMD SEV-ES systems. The vulnerability allows an untrusted hypervisor to inject virtual interrupts 0 and 14 at any point in time, which can trigger the SIGFPE signal handler in userspace applications (NVD, Ubuntu).

The vulnerability stems from the hypervisor's ability to inject external interrupts to CPUs, specifically #VC exceptions. The SEV-SNP system invokes the #VC exception handler in the VM without verifying the authenticity of the root cause. Notably, the VC handler does not validate whether the VM actually executed an instruction that would legitimately trigger a #VC exception. The CVSS v3.1 base score for this vulnerability is 7.1 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (Red Hat).

Each malicious #VC injection can trick the handler into emulating an instruction that either writes attacker-controlled data to the VM or leaks sensitive VM data to the hypervisor. This affects scenarios where the hypervisor is not trusted, particularly in Confidential VM setups (SUSE).

The vulnerability requires the AMD SEV-SNP Restricted Injection feature for mitigation. However, many affected hypervisor setups used at Cloud Service Providers do not currently offer this feature. Multiple Linux distributions have released security updates to address this vulnerability, including Red Hat Enterprise Linux versions 8 and 9 through various security advisories (Red Hat).