
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability has been identified in the Linux kernel related to KVM (Kernel-based Virtual Machine) x86 MMU handling. The issue involves improper write protection of L2 SPTEs (Second-Level Page Table Entries) in TDP MMU (Two-Dimensional Paging Memory Management Unit) when clearing dirty status. This vulnerability was discovered and resolved in May 2024 (NVD).
The vulnerability stems from the TDP MMU not properly accounting for role-specific reasons when disabling D-bit dirty logging. Specifically, TDP MMU SPTEs must be write-protected when the TDP MMU is being used to run an L2 (when L1 has disabled EPT) and PML (Page Modification Logging) is enabled. Since KVM always disables PML when running L2, even when L1 and L2 GPAs are in the same domain, failing to write-protect TDP MMU SPTEs results in writes made by L2 not being reflected in the dirty log (Kernel Git).
When exploited, this vulnerability could lead to incorrect dirty logging behavior in virtualized environments using KVM, particularly affecting nested virtualization scenarios where L2 guests are running. This could potentially impact system stability and the integrity of memory tracking mechanisms (NVD).
The issue has been fixed by implementing proper checks using kvm_mmu_page_ad_need_write_protect() when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs. The fix ensures that the TDP MMU correctly accounts for role-specific reasons when handling dirty bit logging (Kernel Git).
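The decision described above, as a simplified user-space model added here for illustration; it is not kernel code. The bit values, the struct and every function name are assumptions made for the model, and PML is assumed to be enabled for the VM.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model bits only; not the kernel's real SPTE layout. */
#define SPTE_W (1u << 0) /* writable */
#define SPTE_D (1u << 1) /* hardware dirty (D) bit */

struct model_vm { bool pml_enabled; };

/* Model of the role-specific check: D-bit logging cannot be used for SPTEs
 * that run L2 while PML is enabled, because PML is off whenever L2 runs. */
static bool need_write_protect(const struct model_vm *vm, bool runs_l2)
{
    return vm->pml_enabled && runs_l2;
}

/* Clear dirty status of one SPTE; fixed=false models the pre-fix behaviour. */
static uint32_t clear_dirty(const struct model_vm *vm, bool runs_l2, uint32_t spte, bool fixed)
{
    if (fixed && need_write_protect(vm, runs_l2))
        return spte & ~SPTE_W; /* next write faults into the hypervisor */
    return spte & ~SPTE_D;     /* next write only sets the D-bit */
}

/* One guest write; returns true if the dirty log records it. */
static bool guest_write_logged(const struct model_vm *vm, bool runs_l2, uint32_t *spte)
{
    if (!(*spte & SPTE_W)) {   /* write-protect fault: logged by software */
        *spte |= SPTE_W | SPTE_D;
        return true;
    }
    *spte |= SPTE_D;           /* set by hardware, no exit */
    return vm->pml_enabled && !runs_l2; /* PML logs it only outside L2 */
}

/* Clear dirty status, let the guest write once, report whether it was logged. */
static bool write_logged_after_clear(bool runs_l2, bool fixed)
{
    struct model_vm vm = { .pml_enabled = true };
    uint32_t spte = clear_dirty(&vm, runs_l2, SPTE_W | SPTE_D, fixed);
    return guest_write_logged(&vm, runs_l2, &spte);
}

int main(void)
{
    printf("L2 logged, pre-fix: %d, fixed: %d\n", write_logged_after_clear(true, false), write_logged_after_clear(true, true));
    return 0;
}
```

In the model, a write by L2 after the dirty status is cleared is lost from the log with the pre-fix logic and recorded with the fixed logic, while writes outside L2 are logged in both cases.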
Source: This report was generated using AI