CVE-2024-53195: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53195 affects the Linux kernel's KVM (Kernel Virtual Machine) subsystem, specifically in the ARM64 architecture. The vulnerability was discovered and disclosed on December 27, 2024, and involves improper use of userspace_irqchip_in_use that can lead to a system warning in kvm_timer_update_irq() (Kernel Git).

The vulnerability occurs in a specific sequence where userspace creates a VM and vCPU, initializes the vCPU with KVM_ARM_VCPU_PMU_V3 during KVM_ARM_VCPU_INIT, and issues KVM_RUN without proper setup of vGIC or vPMU. When vPMU is requested but not setup, kvm_arm_pmu_v3_enable() fails in kvm_arch_vcpu_run_pid_change(), causing KVM_RUN to return after enabling the timer but before incrementing userspace_irqchip_in_use. If userspace ignores the error and issues KVM_ARM_VCPU_INIT again, it triggers a WARN_ON() in kvm_timer_update_irq() (Kernel Git).

The vulnerability can lead to system warnings and potential system instability when using KVM on ARM64 systems. The issue specifically affects the timer and interrupt handling mechanisms in the KVM subsystem (Kernel Git).

The issue has been resolved by replacing the userspace_irqchip_in_use functionality with '!irqchip_in_kernel()', eliminating the static key to avoid mismanagement. This fix helps prevent the syzbot issue and improves the overall reliability of the KVM subsystem on ARM64 (Kernel Git).