cve/published/2024/CVE-2024-26617.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26617: fs/proc/task_mmu: move mmu notification mechanism inside mm lock

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 fs/proc/task_mmu: move mmu notification mechanism inside mm lock

 Move mmu notification mechanism inside mm lock to prevent race condition
 in other components which depend on it.  The notifier will invalidate
 memory range.  Depending upon the number of iterations, different memory
 ranges would be invalidated.

 The following warning would be removed by this patch:
 WARNING: CPU: 0 PID: 5067 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 kvm_mmu_notifier_change_pte+0x860/0x960 arch/x86/kvm/../../../virt/kvm/kvm_main.c:734

 There is no behavioural and performance change with this patch when
 there is no component registered with the mmu notifier.

 [akpm@linux-foundation.org: narrow the scope of `range', per Sean]

 The Linux kernel CVE team has assigned CVE-2024-26617 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.7 with commit 52526ca7fdb905a768a93f8faa418e9b988fc34b and fixed in 6.7.3 with commit 05509adf297924f51e1493aa86f9fcde1433ed80
 	Issue introduced in 6.7 with commit 52526ca7fdb905a768a93f8faa418e9b988fc34b and fixed in 6.8 with commit 4cccb6221cae6d020270606b9e52b1678fc8b71a

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26617
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/proc/task_mmu.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/05509adf297924f51e1493aa86f9fcde1433ed80
 	https://git.kernel.org/stable/c/4cccb6221cae6d020270606b9e52b1678fc8b71a
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26617: fs/proc/task_mmu: move mmu notification mechanism inside mm lock

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	fs/proc/task_mmu: move mmu notification mechanism inside mm lock

	Move mmu notification mechanism inside mm lock to prevent race condition
	in other components which depend on it. The notifier will invalidate
	memory range. Depending upon the number of iterations, different memory
	ranges would be invalidated.

	The following warning would be removed by this patch:
	WARNING: CPU: 0 PID: 5067 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 kvm_mmu_notifier_change_pte+0x860/0x960 arch/x86/kvm/../../../virt/kvm/kvm_main.c:734

	There is no behavioural and performance change with this patch when
	there is no component registered with the mmu notifier.

	[akpm@linux-foundation.org: narrow the scope of `range', per Sean]

	The Linux kernel CVE team has assigned CVE-2024-26617 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.7 with commit 52526ca7fdb905a768a93f8faa418e9b988fc34b and fixed in 6.7.3 with commit 05509adf297924f51e1493aa86f9fcde1433ed80
	Issue introduced in 6.7 with commit 52526ca7fdb905a768a93f8faa418e9b988fc34b and fixed in 6.8 with commit 4cccb6221cae6d020270606b9e52b1678fc8b71a

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26617
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/proc/task_mmu.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/05509adf297924f51e1493aa86f9fcde1433ed80
	https://git.kernel.org/stable/c/4cccb6221cae6d020270606b9e52b1678fc8b71a