| From bippy-c9c4e1df01b2 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2024-47722: xen: use correct end address of kernel for conflict checking |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| xen: use correct end address of kernel for conflict checking |
| |
| When running as a Xen PV dom0 the kernel is loaded by the hypervisor |
| using a different memory map than that of the host. In order to |
| minimize the required changes in the kernel, the kernel adapts its |
| memory map to that of the host. In order to do that it is checking |
| for conflicts of its load address with the host memory map. |
| |
| Unfortunately the tested memory range does not include the .brk |
| area, which might result in crashes or memory corruption when this |
| area does conflict with the memory map of the host. |
| |
| Fix the test by using the _end label instead of __bss_stop. |
| |
| The Linux kernel CVE team has assigned CVE-2024-47722 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 4.3 with commit 808fdb71936c and fixed in 5.10.227 with commit cb9134aa0998 |
| Issue introduced in 4.3 with commit 808fdb71936c and fixed in 5.15.168 with commit ed3e8cc9159a |
| Issue introduced in 4.3 with commit 808fdb71936c and fixed in 6.1.113 with commit 6434af166441 |
| Issue introduced in 4.3 with commit 808fdb71936c and fixed in 6.6.54 with commit cafeba3c2a1f |
| Issue introduced in 4.3 with commit 808fdb71936c and fixed in 6.10.13 with commit aee96b588070 |
| Issue introduced in 4.3 with commit 808fdb71936c and fixed in 6.11.2 with commit d9ab6bb136ad |
| Issue introduced in 4.3 with commit 808fdb71936c and fixed in 6.12-rc1 with commit fac1bceeeb04 |
| |
| Please see https://www.kernel.org for a full list of kernel versions |
| currently supported by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2024-47722 |
| will be updated if fixes are backported; please check that for the most |
| up-to-date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| arch/x86/xen/setup.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If, however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/cb9134aa0998304a8521eafebe5ee486038698b3 |
| https://git.kernel.org/stable/c/ed3e8cc9159ae956fb0ac858496f66c803d5bbc8 |
| https://git.kernel.org/stable/c/6434af166441a998644ce961a630948ed5b986ba |
| https://git.kernel.org/stable/c/cafeba3c2a1f015e26feb5629ae696e84cfb5ec9 |
| https://git.kernel.org/stable/c/aee96b588070609dbce40e80899019a6d264069f |
| https://git.kernel.org/stable/c/d9ab6bb136adacc3c25de2032baf89bbad6ca7f8 |
| https://git.kernel.org/stable/c/fac1bceeeb04886fc2ee952672e6e6c85ce41dca |
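
The range error described under Description, as an added example (not code from the kernel or from this announcement): a simplified overlap check run once with the tested range ending at `__bss_stop` and once ending at `_end`. The map entries, addresses and helper names are constructed for illustration; only the `__bss_stop` and `_end` labels come from the text, and `_text` is assumed as the start of the kernel image.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one host memory map entry (constructed, not the kernel's type). */
struct map_entry {
    uint64_t addr;
    uint64_t size;
    bool     ram;   /* true: usable RAM, false: reserved by the host */
};

/* Constructed host map: RAM, a reserved hole, then RAM again. */
static const struct map_entry host_map[] = {
    { 0x00000000ULL, 0x02400000ULL, true  },
    { 0x02400000ULL, 0x00100000ULL, false },
    { 0x02500000ULL, 0x3db00000ULL, true  },
};

/* Constructed kernel layout: the .brk area lies between __bss_stop and _end. */
#define K_TEXT     0x01000000ULL   /* stands in for _text      */
#define K_BSS_STOP 0x023f0000ULL   /* stands in for __bss_stop */
#define K_END      0x02430000ULL   /* stands in for _end       */

/* True if [start, start + size) overlaps any non-RAM entry of the host map. */
static bool range_conflicts(uint64_t start, uint64_t size)
{
    uint64_t end = start + size;

    for (size_t i = 0; i < sizeof(host_map) / sizeof(host_map[0]); i++) {
        const struct map_entry *e = &host_map[i];

        if (!e->ram && start < e->addr + e->size && e->addr < end)
            return true;
    }
    return false;
}

/* Tested range stops at __bss_stop: the .brk area is never examined. */
static bool check_pre_fix(void)  { return range_conflicts(K_TEXT, K_BSS_STOP - K_TEXT); }
/* Tested range stops at _end: the .brk area is covered. */
static bool check_post_fix(void) { return range_conflicts(K_TEXT, K_END - K_TEXT); }

int main(void)
{
    printf("_text..__bss_stop: %s\n", check_pre_fix()  ? "conflict" : "no conflict");
    printf("_text.._end:       %s\n", check_post_fix() ? "conflict" : "no conflict");
    return 0;
}
```

With this layout the `.brk` area overlaps the reserved hole, so only the check that runs to `_end` reports the conflict.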