CVE-2023-53769

Vulnerability

In the Linux kernel's SEV guest driver (virt/coco/sev-guest), encryption algorithms previously read and wrote directly to shared unencrypted memory. This design allowed the host to observe sensitive data and tamper with message integrity, undermining the confidentiality and authenticity of SEV communication [1][2][3][4].

Exploitation

The attack surface is the shared memory region between guest and host. A malicious host with control over this shared memory can exploit the lack of double-buffering to extract decrypted data or inject forged messages without detection. No guest authentication is required; the vulnerability is inherent in the direct memory access pattern.

Impact

An attacker (the host) can leak confidential guest data, such as encryption keys or secrets, and also modify the content of SEV guest messages, potentially leading to guest compromise or bypass of SEV security guarantees.

Mitigation

The fix introduces double-buffering: messages are copied into private memory before encryption/decryption operations. This ensures that only encrypted data resides in shared memory. The patch has been applied to multiple stable kernel branches via commits [1][2][3][4]. Users should update to the latest stable kernel that includes the fix.