From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2023-52994: acpi: Fix suspend with Xen PV

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

acpi: Fix suspend with Xen PV

Commit f1e525009493 ("x86/boot: Skip realmode init code when running as
Xen PV guest") missed one code path accessing real_mode_header, leading
to dereferencing NULL when suspending the system under Xen:

[ 348.284004] PM: suspend entry (deep)
[ 348.289532] Filesystems sync: 0.005 seconds
[ 348.291545] Freezing user space processes ... (elapsed 0.000 seconds) done.
[ 348.292457] OOM killer disabled.
[ 348.292462] Freezing remaining freezable tasks ... (elapsed 0.104 seconds) done.
[ 348.396612] printk: Suspending console(s) (use no_console_suspend to debug)
[ 348.749228] PM: suspend devices took 0.352 seconds
[ 348.769713] ACPI: EC: interrupt blocked
[ 348.816077] BUG: kernel NULL pointer dereference, address: 000000000000001c
[ 348.816080] #PF: supervisor read access in kernel mode
[ 348.816081] #PF: error_code(0x0000) - not-present page
[ 348.816083] PGD 0 P4D 0
[ 348.816086] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 348.816089] CPU: 0 PID: 6764 Comm: systemd-sleep Not tainted 6.1.3-1.fc32.qubes.x86_64 #1
[ 348.816092] Hardware name: Star Labs StarBook/StarBook, BIOS 8.01 07/03/2022
[ 348.816093] RIP: e030:acpi_get_wakeup_address+0xc/0x20

Fix that by adding an optional acpi callback allowing to skip setting
the wakeup address, as in the Xen PV case this will be handled by the
hypervisor anyway.

The Linux kernel CVE team has assigned CVE-2023-52994 to this issue.
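As an added example, not code from the advisory or from the kernel itself, the following constructed C model shows the failure mode and the fix pattern the description above outlines: an unconditional dereference of a pointer that one platform never populates (the real-mode header under Xen PV, where the real-mode init code is skipped), replaced by a generic path that first asks an optional, defaulted per-arch hook whether the step applies at all. Every identifier prefixed `model_`, the header layout and the addresses are hypothetical stand-ins; the only real kernel identifiers are those quoted in the advisory text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model of the state behind the oops: the real-mode trampoline
 * header is only populated when the real-mode init code runs, and under
 * Xen PV that code is skipped, so the pointer stays NULL there.
 */
struct model_real_mode_header {
    uint32_t text_start;
    uint32_t wakeup_start;  /* offset the ACPI wakeup vector points at */
};

/* Constructed sample values; nothing here mirrors a real memory layout. */
static struct model_real_mode_header model_header = { 0x9a000, 0x9a01c };
static struct model_real_mode_header *model_real_mode_header;  /* NULL under "Xen PV" */
static bool model_xen_pv;  /* stand-in for an arch "running as Xen PV guest" check */

/* Hypothetical platform boot: native hosts get a header, Xen PV guests do not. */
void model_boot(bool xen_pv)
{
    model_xen_pv = xen_pv;
    model_real_mode_header = xen_pv ? NULL : &model_header;
}

/* Pre-fix shape of the accessor: an unconditional dereference, which is
 * exactly the read at a small offset from NULL that the oops reports. */
static unsigned long model_get_wakeup_address(void)
{
    return model_real_mode_header->wakeup_start;
}

/* True when the pre-fix path would fault, i.e. the header was never set up. */
bool model_unpatched_path_would_oops(void)
{
    return model_real_mode_header == NULL;
}

/* --- what the arch header would provide (the "arch" side of the model):
 * an arch that lets the hypervisor handle the wakeup vector says "skip". --- */
#define model_acpi_skip_set_wakeup_address model_acpi_skip_set_wakeup_address
static inline bool model_acpi_skip_set_wakeup_address(void)
{
    return model_xen_pv;
}

/* --- generic side: fall back to "never skip" for arches that define nothing --- */
#ifndef model_acpi_skip_set_wakeup_address
#define model_acpi_skip_set_wakeup_address() false
#endif

/*
 * Post-fix shape of the generic suspend step: consult the hook first and only
 * touch the real-mode header when the platform actually needs the address.
 * Returns the wakeup address it would program, or 0 when the step was skipped.
 */
unsigned long model_suspend_prepare(void)
{
    if (model_acpi_skip_set_wakeup_address())
        return 0;  /* hypervisor owns the wakeup vector; header never touched */
    return model_get_wakeup_address();
}

int main(void)
{
    model_boot(false);
    printf("native: unpatched would oops=%d, wakeup=0x%lx\n",
           model_unpatched_path_would_oops(), model_suspend_prepare());
    model_boot(true);
    printf("xen pv: unpatched would oops=%d, wakeup=0x%lx\n",
           model_unpatched_path_would_oops(), model_suspend_prepare());
    return 0;
}
```

The point of the defaulted macro is that the generic ACPI code needs no knowledge of Xen: an arch with nothing to say leaves the hook undefined and keeps the old behaviour, while the one arch that knows the pointer may be absent opts out before any dereference happens.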


Affected and fixed versions
===========================

Issue introduced in 6.1.2 with commit b1898793777fe10a31c160bb8bc385d6eea640c6 and fixed in 6.1.9 with commit b96903b7fc8c82ddfd92df4cdd83db3e567da0a5
Issue introduced in 6.0.16 with commit 3414632beaadf635a4affd4ae278297978640965

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-52994
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
arch/x86/include/asm/acpi.h
drivers/acpi/sleep.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/b96903b7fc8c82ddfd92df4cdd83db3e567da0a5
https://git.kernel.org/stable/c/fe0ba8c23f9a35b0307eb662f16dd3a75fcdae41