CVE-2024-26992
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2024-26992 affects the Linux kernel's KVM (Kernel-based Virtual Machine) implementation, specifically related to adaptive PEBS (Precise Event Based Sampling) support. The vulnerability was discovered in March 2024 and disclosed in May 2024. The issue allows a guest virtual machine to potentially leak host kernel addresses through host LBRs (Last Branch Records) (Kernel Git).

Technical details

The vulnerability stems from multiple architectural flaws in KVM's implementation of adaptive PEBS virtualization. The main issues include:

1) KVM not accounting for the upper 32 bits of IA32_FIXED_CTR_CTRL when programming fixed counters
2) KVM always setting precise_ip to non-zero for PEBS events, causing adaptive record generation
3) perf subsystem issues with clearing ICL_FIXED_0_ADAPTIVE bits
4) potential bypass, through the Updated Memory Access Info Group, of event filters set by the host
5) failure to ensure LBR MSRs contain guest values or zeros when entering a vCPU with adaptive PEBS enabled

(Kernel Git)
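The first issue above is a truncation problem, shown here as an added illustration that is not the kernel's code. It assumes the Intel layout of IA32_FIXED_CTR_CTRL (4 control bits per fixed counter in the low half, one adaptive-record bit per counter at bit 32 + 4*i); the function names, the counter count and the sample MSR value are constructed for the example, and `write_allowed` is a hypothetical filter modelling adaptive bits treated as reserved once the feature is no longer offered to guests.

```c
#include <stdint.h>
#include <stdio.h>

#define NR_FIXED 4                                /* constructed: 4 fixed counters */
#define ADAPTIVE_BIT(i) (1ULL << (32 + 4 * (i)))  /* per-counter adaptive-record enable */

/* Narrow decode: keeps only the 4 low control bits of counter i.
 * Anything the guest set in the upper half is invisible here. */
static uint8_t narrow_field(uint64_t ctrl, int i)
{
    return (uint8_t)((ctrl >> (4 * i)) & 0xf);
}

/* Rebuild the MSR image from narrow fields only, as a consumer that
 * tracks each counter through an 8-bit local would see it. */
uint64_t narrow_view(uint64_t ctrl)
{
    uint64_t v = 0;
    for (int i = 0; i < NR_FIXED; i++)
        v |= (uint64_t)narrow_field(ctrl, i) << (4 * i);
    return v;
}

/* Bitmask of counters whose adaptive bit the guest requested. */
unsigned adaptive_mask(uint64_t ctrl)
{
    unsigned m = 0;
    for (int i = 0; i < NR_FIXED; i++)
        if (ctrl & ADAPTIVE_BIT(i))
            m |= 1u << i;
    return m;
}

/* Hypothetical write filter: with adaptive PEBS not offered to the guest,
 * every adaptive bit is treated as reserved and the write is refused. */
int write_allowed(uint64_t ctrl, int adaptive_offered)
{
    return adaptive_offered || adaptive_mask(ctrl) == 0;
}

int main(void)
{
    /* constructed guest value: counters 0 and 2 enabled, both with adaptive set */
    uint64_t guest = 0x3ULL | ADAPTIVE_BIT(0) | (0xbULL << 8) | ADAPTIVE_BIT(2);
    printf("guest value   %#018llx\n", (unsigned long long)guest);
    printf("narrow view   %#018llx\n", (unsigned long long)narrow_view(guest));
    printf("adaptive mask %#x, allowed=%d\n", adaptive_mask(guest), write_allowed(guest, 0));
    return 0;
}
```

The difference between the guest value and the narrow view is exactly the state that bookkeeping limited to the low 32 bits loses while the hardware would still honor it.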

Impact

The primary security impact is that a guest virtual machine can read host LBRs (Last Branch Records), which can expose host kernel addresses to the guest. This information leak could potentially be used by attackers to gather information about the host system's kernel memory layout, which could aid in further attacks. Additionally, the vulnerability allows bypassing userspace event filters set via KVM_SET_PMU_EVENT_FILTER (Kernel Git).

Mitigation and workarounds

The vulnerability has been addressed by completely disabling support for adaptive PEBS in KVM. This was chosen as an immediate fix due to the severity of the LBR leak and because fixing all the identified bugs would be non-trivial and not suitable for backporting to stable kernels. While this fix will break live migration for VMs using adaptive PEBS, it was deemed acceptable as there are no known publicly available VMMs that support adaptive PEBS live migration (Kernel Git).

This report was generated using AI.
