cve/published/2024/CVE-2024-53135.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN\n\nHide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support\nfor virtualizing Intel PT via guest/host mode unless BROKEN=y.  There are\nmyriad bugs in the implementation, some of which are fatal to the guest,\nand others which put the stability and health of the host at risk.\n\nFor guest fatalities, the most glaring issue is that KVM fails to ensure\ntracing is disabled, and *stays* disabled prior to VM-Enter, which is\nnecessary as hardware disallows loading (the guest's) RTIT_CTL if tracing\nis enabled (enforced via a VMX consistency check).  Per the SDM:\n\n  If the logical processor is operating with Intel PT enabled (if\n  IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the \"load\n  IA32_RTIT_CTL\" VM-entry control must be 0.\n\nOn the host side, KVM doesn't validate the guest CPUID configuration\nprovided by userspace, and even worse, uses the guest configuration to\ndecide what MSRs to save/load at VM-Enter and VM-Exit.  E.g. configuring\nguest CPUID to enumerate more address ranges than are supported in hardware\nwill result in KVM trying to passthrough, save, and load non-existent MSRs,\nwhich generates a variety of WARNs, ToPA ERRORs in the host, a potential\ndeadlock, etc."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "arch/x86/kvm/vmx/vmx.c"
                ],
                "versions": [
                   {
                      "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
                      "lessThan": "c3742319d021f5aa3a0a8c828485fee14753f6de",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
                      "lessThan": "d4b42f926adcce4e5ec193c714afd9d37bba8e5b",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
                      "lessThan": "b8a1d572478b6f239061ee9578b2451bf2f021c2",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
                      "lessThan": "e6716f4230a8784957273ddd27326264b27b9313",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
                      "lessThan": "d28b059ee4779b5102c5da6e929762520510e406",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
                      "lessThan": "b91bb0ce5cd7005b376eac690ec664c1b56372ec",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
                      "lessThan": "aa0d42cacf093a6fcca872edc954f6f812926a17",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "arch/x86/kvm/vmx/vmx.c"
                ],
                "versions": [
                   {
                      "version": "5.0",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "5.0",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.4.287",
                      "lessThanOrEqual": "5.4.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.10.231",
                      "lessThanOrEqual": "5.10.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.15.174",
                      "lessThanOrEqual": "5.15.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.1.119",
                      "lessThanOrEqual": "6.1.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.6.63",
                      "lessThanOrEqual": "6.6.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.11.10",
                      "lessThanOrEqual": "6.11.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.12",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.0",
                            "versionEndExcluding": "5.4.287"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.0",
                            "versionEndExcluding": "5.10.231"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.0",
                            "versionEndExcluding": "5.15.174"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.0",
                            "versionEndExcluding": "6.1.119"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.0",
                            "versionEndExcluding": "6.6.63"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.0",
                            "versionEndExcluding": "6.11.10"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.0",
                            "versionEndExcluding": "6.12"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/c3742319d021f5aa3a0a8c828485fee14753f6de"
             },
             {
                "url": "https://git.kernel.org/stable/c/d4b42f926adcce4e5ec193c714afd9d37bba8e5b"
             },
             {
                "url": "https://git.kernel.org/stable/c/b8a1d572478b6f239061ee9578b2451bf2f021c2"
             },
             {
                "url": "https://git.kernel.org/stable/c/e6716f4230a8784957273ddd27326264b27b9313"
             },
             {
                "url": "https://git.kernel.org/stable/c/d28b059ee4779b5102c5da6e929762520510e406"
             },
             {
                "url": "https://git.kernel.org/stable/c/b91bb0ce5cd7005b376eac690ec664c1b56372ec"
             },
             {
                "url": "https://git.kernel.org/stable/c/aa0d42cacf093a6fcca872edc954f6f812926a17"
             }
          ],
          "title": "KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2024-53135",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN\n\nHide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support\nfor virtualizing Intel PT via guest/host mode unless BROKEN=y. There are\nmyriad bugs in the implementation, some of which are fatal to the guest,\nand others which put the stability and health of the host at risk.\n\nFor guest fatalities, the most glaring issue is that KVM fails to ensure\ntracing is disabled, and stays disabled prior to VM-Enter, which is\nnecessary as hardware disallows loading (the guest's) RTIT_CTL if tracing\nis enabled (enforced via a VMX consistency check). Per the SDM:\n\n If the logical processor is operating with Intel PT enabled (if\n IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the \"load\n IA32_RTIT_CTL\" VM-entry control must be 0.\n\nOn the host side, KVM doesn't validate the guest CPUID configuration\nprovided by userspace, and even worse, uses the guest configuration to\ndecide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring\nguest CPUID to enumerate more address ranges than are supported in hardware\nwill result in KVM trying to passthrough, save, and load non-existent MSRs,\nwhich generates a variety of WARNs, ToPA ERRORs in the host, a potential\ndeadlock, etc."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"arch/x86/kvm/vmx/vmx.c"
	],
	"versions": [
	{
	"version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
	"lessThan": "c3742319d021f5aa3a0a8c828485fee14753f6de",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
	"lessThan": "d4b42f926adcce4e5ec193c714afd9d37bba8e5b",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
	"lessThan": "b8a1d572478b6f239061ee9578b2451bf2f021c2",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
	"lessThan": "e6716f4230a8784957273ddd27326264b27b9313",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
	"lessThan": "d28b059ee4779b5102c5da6e929762520510e406",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
	"lessThan": "b91bb0ce5cd7005b376eac690ec664c1b56372ec",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
	"lessThan": "aa0d42cacf093a6fcca872edc954f6f812926a17",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"arch/x86/kvm/vmx/vmx.c"
	],
	"versions": [
	{
	"version": "5.0",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "5.0",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.4.287",
	"lessThanOrEqual": "5.4.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.10.231",
	"lessThanOrEqual": "5.10.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.15.174",
	"lessThanOrEqual": "5.15.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.1.119",
	"lessThanOrEqual": "6.1.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.6.63",
	"lessThanOrEqual": "6.6.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.11.10",
	"lessThanOrEqual": "6.11.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.12",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.0",
	"versionEndExcluding": "5.4.287"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.0",
	"versionEndExcluding": "5.10.231"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.0",
	"versionEndExcluding": "5.15.174"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.0",
	"versionEndExcluding": "6.1.119"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.0",
	"versionEndExcluding": "6.6.63"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.0",
	"versionEndExcluding": "6.11.10"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.0",
	"versionEndExcluding": "6.12"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/c3742319d021f5aa3a0a8c828485fee14753f6de"
	},
	{
	"url": "https://git.kernel.org/stable/c/d4b42f926adcce4e5ec193c714afd9d37bba8e5b"
	},
	{
	"url": "https://git.kernel.org/stable/c/b8a1d572478b6f239061ee9578b2451bf2f021c2"
	},
	{
	"url": "https://git.kernel.org/stable/c/e6716f4230a8784957273ddd27326264b27b9313"
	},
	{
	"url": "https://git.kernel.org/stable/c/d28b059ee4779b5102c5da6e929762520510e406"
	},
	{
	"url": "https://git.kernel.org/stable/c/b91bb0ce5cd7005b376eac690ec664c1b56372ec"
	},
	{
	"url": "https://git.kernel.org/stable/c/aa0d42cacf093a6fcca872edc954f6f812926a17"
	}
	],
	"title": "KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2024-53135",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}