Ddos 
An unpleasant flaw surfaced in Linux—one capable of causing serious headaches for server administrators, particularly in public cloud environments. The issue arises when a KVM guest virtual machine uses Intel Advanced Matrix Extensions (AMX), triggering a kernel panic on the host system. The problem affects kernel branches released since 2022 and applies to versions starting at least with Linux 5.17, meaning virtually all modern deployments where AMX is actively used in production.
AMX is a set of extensions Intel promotes as a key advantage of recent Xeon Scalable generations, accelerating matrix operations and delivering tangible benefits for AI workloads when paired with suitable software. However, a flaw has emerged in KVM’s handling of FPU and XSAVE state: invoking AMX inside a guest can provoke an unexpected #NM exception, ultimately crashing the host.
A series of fixes has already been proposed. Linux KVM maintainer Paolo Bonzini of Red Hat published patches to the kernel mailing list, detailing the root cause. As he explains, the XFD value configured by the guest and stored in fpstate->xfd is reused both during guest execution and during host-side state save operations via XSAVE. A guest can configure XFD in a way that disables capabilities the host requires to correctly restore guest state with XRSTOR—creating a direct path to a kernel panic.
The proposed patch set addresses this by separating the “guest” XFD from the value held in fpstate->xfd, and by adding new selftests to reproduce the desynchronization between XFD and XSAVE state. The patches are currently under review; once accepted, they are expected to land in the mainline kernel and be backported to stable branches. At the time of writing, no public CVE appears to have been assigned, and the issue is being treated as a potential denial-of-service vulnerability.
Donate