CVE-2022-49557: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved:

x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave)

Set the starting uABI size of KVM's guest FPU to 'struct kvm_xsave', i.e. to KVM's historical uABI size. When saving FPU state for userspace, KVM (well, now the FPU) sets the FP+SSE bits in the XSAVE header even if the host doesn't support XSAVE. Setting the XSAVE header allows the VM to be migrated to a host that does support XSAVE without the new host having to handle FPU state that may or may not be compatible with XSAVE.

Setting the uABI size to the host's default size results in out-of-bounds writes (setting the FP+SSE bits) and data corruption (that is thankfully caught by KASAN) when running on hosts without XSAVE, e.g. on Core2 CPUs.

WARN if the default size is larger than KVM's historical uABI size; all features that can push the FPU size beyond the historical size must be opt-in.

==================================================================
BUG: KASAN: slab-out-of-bounds in fpu_copy_uabi_to_guest_fpstate+0x86/0x130
Read of size 8 at addr ffff888011e33a00 by task qemu-build/681

CPU: 1 PID: 681 Comm: qemu-build Not tainted 5.18.0-rc5-KASAN-amd64 #1
Hardware name: /DG35EC, BIOS ECG3510M.86A.0118.2010.0113.1426 01/13/2010
Call Trace:
 <TASK>
 dump_stack_lvl+0x34/0x45
 print_report.cold+0x45/0x575
 kasan_report+0x9b/0xd0
 fpu_copy_uabi_to_guest_fpstate+0x86/0x130
 kvm_arch_vcpu_ioctl+0x72a/0x1c50 [kvm]
 kvm_vcpu_ioctl+0x47f/0x7b0 [kvm]
 __x64_sys_ioctl+0x5de/0xc90
 do_syscall_64+0x31/0x50
 entry_SYSCALL_64_after_hwframe+0x44/0xae
 </TASK>

Allocated by task 0:
(stack is not available)

The buggy address belongs to the object at ffff888011e33800
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 0 bytes to the right of
 512-byte region [ffff888011e33800, ffff888011e33a00)
The buggy address belongs to the physical page:
page:0000000089cd4adb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e30
head:0000000089cd4adb order:2 compound_mapcount:0 compound_pincount:0
flags: 0x4000000000010200(slab|head|zone=1)
raw: 4000000000010200 dead000000000100 dead000000000122 ffff888001041c80
raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888011e33900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff888011e33980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff888011e33a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff888011e33a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888011e33b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
Disabling lock debugging due to kernel taint
AI Analysis
Technical Summary
CVE-2022-49557 is a vulnerability in the Linux kernel's handling of floating-point unit (FPU) state for Kernel-based Virtual Machine (KVM) guests on x86. The issue concerns how the base guest FPU user ABI (uABI) size is chosen: the fix sets it to the size of 'struct kvm_xsave', which represents KVM's historical uABI size for saving FPU state. When KVM saves FPU state for userspace, it sets the FP+SSE bits in the XSAVE header even if the host CPU does not support the XSAVE feature set. XSAVE is an instruction set extension used to save processor extended states, including floating-point and SIMD registers. Setting the XSAVE header lets virtual machines (VMs) migrate between hosts that do and do not support XSAVE without the new host having to handle potentially incompatible FPU state. However, when the uABI size is set to the host's default size rather than KVM's historical size, setting the FP+SSE bits writes out of bounds. Kernel Address Sanitizer (KASAN) detects this memory corruption as a slab-out-of-bounds error, showing that KVM writes beyond the region allocated for the FPU state. The problem is particularly evident on older CPUs without XSAVE support, such as Intel Core2 processors. The vulnerability can cause data corruption and potentially destabilize the host kernel or the guest VM. The kernel logs show detailed KASAN error messages, including a stack trace pointing to the faulty function 'fpu_copy_uabi_to_guest_fpstate'. The root cause is improper handling of the FPU state size and feature flags during virtualization operations, leading to memory safety violations. No known exploits are reported in the wild as of the publication date. The vulnerability affects specific Linux kernel versions identified by commit hashes, and it has been publicly disclosed without an assigned CVSS score.
This issue is primarily relevant to environments running KVM virtualization on x86 hosts, especially those with older CPUs lacking XSAVE support.
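The size mismatch described above, as an added standalone C model (not kernel code and not the upstream fix): the XSAVE header that carries the FP+SSE bits starts at byte 512 of the uABI buffer, so a buffer sized to a non-XSAVE host's 512-byte FXSAVE state cannot hold it, which matches the KASAN report's 8-byte access at 0 bytes past a 512-byte object. The buffer sizes and feature-bit values are assumptions taken from the x86 XSAVE layout and sizeof(struct kvm_xsave); the bounds check and the function names are mine.

```c
/* Standalone model (not kernel code) of the sizing bug behind CVE-2022-49557. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed sizes, from the x86 XSAVE layout and sizeof(struct kvm_xsave). */
#define KVM_XSAVE_UABI_SIZE 4096u /* struct kvm_xsave: __u32 region[1024] */
#define FXSAVE_LEGACY_SIZE   512u /* FP+SSE area; the whole state on a host without XSAVE */
#define XSAVE_HDR_OFFSET     512u /* the 8-byte xstate_bv header follows the legacy area */
#define XFEATURE_MASK_FP     (1ull << 0)
#define XFEATURE_MASK_SSE    (1ull << 1)

/* Sizing as the fix describes: KVM's historical size, grown (with a WARN) only
 * if the host default is larger, since such features must be opt-in. */
static size_t guest_uabi_size(size_t host_default_size)
{
    if (host_default_size <= KVM_XSAVE_UABI_SIZE)
        return KVM_XSAVE_UABI_SIZE;
    fprintf(stderr, "WARN: host default %zu > historical uABI %u\n",
            host_default_size, KVM_XSAVE_UABI_SIZE);
    return host_default_size;
}

/* Bounds-checked "set FP+SSE in the XSAVE header": -1 if the header does not fit.
 * Without the check this is the KASAN hit: read of size 8 at 0 bytes past a 512-byte object. */
static int set_fp_sse_bits(uint8_t *buf, size_t buf_size)
{
    uint64_t xstate_bv;
    if (buf_size < XSAVE_HDR_OFFSET + sizeof(xstate_bv))
        return -1;
    memcpy(&xstate_bv, buf + XSAVE_HDR_OFFSET, sizeof(xstate_bv));
    xstate_bv |= XFEATURE_MASK_FP | XFEATURE_MASK_SSE;
    memcpy(buf + XSAVE_HDR_OFFSET, &xstate_bv, sizeof(xstate_bv));
    return 0;
}

/* Zeroed buffer of buf_size, set the bits, return the header mask (0 if it did not fit). */
static uint64_t mask_after_set(size_t buf_size)
{
    uint8_t *buf = calloc(1, buf_size);
    uint64_t mask = 0;
    if (buf && set_fp_sse_bits(buf, buf_size) == 0)
        memcpy(&mask, buf + XSAVE_HDR_OFFSET, sizeof(mask));
    free(buf);
    return mask;
}
int main(void)
{
    size_t fixed = guest_uabi_size(FXSAVE_LEGACY_SIZE); /* Core2-class host: default 512 */
    printf("uABI = 512 (vulnerable sizing): mask 0x%llx\n", (unsigned long long)mask_after_set(512));
    printf("uABI = %zu (fixed sizing): mask 0x%llx\n", fixed, (unsigned long long)mask_after_set(fixed));
    return 0;
}
```

With the vulnerable sizing the header never fits and the bits cannot be set safely; with the fixed sizing the mask reads back as 0x3 (FP|SSE).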
Potential Impact
For European organizations, the impact of CVE-2022-49557 depends largely on their use of KVM virtualization on Linux hosts with older x86 CPUs. Organizations running virtualized workloads on legacy hardware, such as Intel Core2 or similar processors without XSAVE support, are at risk of memory corruption leading to potential host kernel crashes or guest VM instability. This can result in denial of service (DoS) conditions affecting critical services hosted in VMs, potentially disrupting business operations. Data corruption in the FPU state could also lead to incorrect computational results within VMs, impacting applications that rely on floating-point calculations. Although no direct remote code execution or privilege escalation is indicated, the memory corruption could be leveraged in complex attack chains if combined with other vulnerabilities. European data centers and cloud providers using KVM on older hardware may face increased operational risks and maintenance overhead. Additionally, organizations in sectors with high virtualization usage, such as finance, telecommunications, and research institutions, may experience service interruptions or require urgent patching. The lack of known exploits reduces the immediate threat level but does not eliminate the risk of future exploitation. Overall, the vulnerability poses a medium risk to the availability and integrity of virtualized environments in Europe, especially where legacy hardware remains in use.
Mitigation Recommendations
To mitigate CVE-2022-49557, European organizations should:
1) Identify and inventory Linux hosts running KVM virtualization, focusing on those with older x86 CPUs lacking XSAVE support.
2) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available from trusted sources or Linux distributions. Since no patch links are provided, organizations should monitor official Linux kernel repositories and distribution advisories for updates related to this CVE.
3) Where possible, upgrade hardware to CPUs that support XSAVE to avoid triggering the vulnerable code path.
4) Enable Kernel Address Sanitizer (KASAN) or similar kernel debugging tools in test environments to detect memory corruption issues early.
5) Implement strict VM migration policies to avoid migrating VMs to hosts with incompatible CPU features until patches are applied.
6) Regularly audit virtualization infrastructure for anomalous crashes or kernel warnings that may indicate exploitation attempts.
7) Consider isolating critical workloads from legacy hardware or using alternative virtualization technologies if patching or hardware upgrades are not immediately feasible.
8) Maintain robust backup and recovery procedures to minimize operational impact from potential DoS or data corruption incidents.
These steps go beyond generic advice by emphasizing hardware assessment, proactive patch monitoring, and virtualization-specific operational controls.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.591Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe442c
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 10:25:55 PM
Last updated: 8/3/2025, 12:40:58 AM