cve/published/2024/CVE-2024-26816.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26816: x86, relocs: Ignore relocations in .notes section

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 x86, relocs: Ignore relocations in .notes section

 When building with CONFIG_XEN_PV=y, .text symbols are emitted into
 the .notes section so that Xen can find the "startup_xen" entry point.
 This information is used prior to booting the kernel, so relocations
 are not useful. In fact, performing relocations against the .notes
 section means that the KASLR base is exposed since /sys/kernel/notes
 is world-readable.

 To avoid leaking the KASLR base without breaking unprivileged tools that
 are expecting to read /sys/kernel/notes, skip performing relocations in
 the .notes section. The values readable in .notes are then identical to
 those found in System.map.

 The Linux kernel CVE team has assigned CVE-2024-26816 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 4.19.311 with commit 13edb509abc91c72152a11baaf0e7c060a312e03
 	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 5.4.273 with commit 52018aa146e3cf76569a9b1e6e49a2b7c8d4a088
 	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 5.10.214 with commit a4e7ff1a74274e59a2de9bb57236542aa990d20a
 	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 5.15.153 with commit c7cff9780297d55d97ad068b68b703cfe53ef9af
 	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 6.1.83 with commit 47635b112a64b7b208224962471e7e42f110e723
 	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 6.6.23 with commit af2a9f98d884205145fd155304a6955822ccca1c
 	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 6.7.11 with commit ae7079238f6faf1b94accfccf334e98b46a0c0aa
 	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 6.8.2 with commit 5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40
 	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 6.9 with commit aaa8736370db1a78f0e8434344a484f9fd20be3b

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26816
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	arch/x86/tools/relocs.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03
 	https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088
 	https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a
 	https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af
 	https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723
 	https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c
 	https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa
 	https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40
 	https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26816: x86, relocs: Ignore relocations in .notes section

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	x86, relocs: Ignore relocations in .notes section

	When building with CONFIG_XEN_PV=y, .text symbols are emitted into
	the .notes section so that Xen can find the "startup_xen" entry point.
	This information is used prior to booting the kernel, so relocations
	are not useful. In fact, performing relocations against the .notes
	section means that the KASLR base is exposed since /sys/kernel/notes
	is world-readable.

	To avoid leaking the KASLR base without breaking unprivileged tools that
	are expecting to read /sys/kernel/notes, skip performing relocations in
	the .notes section. The values readable in .notes are then identical to
	those found in System.map.

	The Linux kernel CVE team has assigned CVE-2024-26816 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 4.19.311 with commit 13edb509abc91c72152a11baaf0e7c060a312e03
	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 5.4.273 with commit 52018aa146e3cf76569a9b1e6e49a2b7c8d4a088
	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 5.10.214 with commit a4e7ff1a74274e59a2de9bb57236542aa990d20a
	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 5.15.153 with commit c7cff9780297d55d97ad068b68b703cfe53ef9af
	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 6.1.83 with commit 47635b112a64b7b208224962471e7e42f110e723
	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 6.6.23 with commit af2a9f98d884205145fd155304a6955822ccca1c
	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 6.7.11 with commit ae7079238f6faf1b94accfccf334e98b46a0c0aa
	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 6.8.2 with commit 5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40
	Issue introduced in 2.6.23 with commit 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 and fixed in 6.9 with commit aaa8736370db1a78f0e8434344a484f9fd20be3b

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26816
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	arch/x86/tools/relocs.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03
	https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088
	https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a
	https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af
	https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723
	https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c
	https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa
	https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40
	https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b