CVE-2024-55881: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-55881 is a vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) x86 implementation, discovered and disclosed on January 11, 2025. The vulnerability specifically affects the handling of hypercalls in protected guest environments such as SEV-ES and SEV-SNP (NVD).

The vulnerability stems from incorrect detection of 64-bit hypercalls in the completehypercallexit() function. The function was using is64bitmode() instead of is64bithypercall() to detect 64-bit hypercalls. For guests with protected state (SEV-ES and SEV-SNP), KVM must assume the hypercall was made in 64-bit mode as the vCPU state needed to detect 64-bit mode is unavailable. This issue was discovered when the sevsmoketest selftest generated a KVMHCMAPGPARANGE hypercall via VMGEXIT (Kernel Patch).

The vulnerability affects the proper handling of hypercalls in protected guest environments using KVM virtualization on x86 systems. When triggered, it can cause system warnings and potential improper handling of hypercalls, which could affect the stability and security of virtualized environments (NVD).

The vulnerability has been patched in the Linux kernel by replacing is64bitmode() with is64bithypercall() in the completehypercallexit() function. The fix has been included in various kernel versions and distributions, including Debian 11 (Bullseye) in version 6.1.6.1.128-1~deb11u1 (Debian Update).