Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-vulnerable / . / cve / published / 2024 / CVE-2024-35791.json
blob: 7d9ca0c5c5a65c20f8be1323acb985608b7eafdb [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()\n\nDo the cache flush of converted pages in svm_register_enc_region() before\ndropping kvm->lock to fix use-after-free issues where region and/or its\narray of pages could be freed by a different task, e.g. if userspace has\n__unregister_enc_region_locked() already queued up for the region.\n\nNote, the \"obvious\" alternative of using local variables doesn't fully\nresolve the bug, as region->pages is also dynamically allocated. I.e. the\nregion structure itself would be fine, but region->pages could be freed.\n\nFlushing multiple pages under kvm->lock is unfortunate, but the entire\nflow is a rare slow path, and the manual flush is only needed on CPUs that\nlack coherency for encrypted memory."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"arch/x86/kvm/svm/sev.c"
],
"versions": [
{
"version": "4f627ecde7329e476a077bb0590db8f27bb8f912",
"lessThan": "2d13b79640b147bd77c34a5998533b2021a4122d",
"status": "affected",
"versionType": "git"
},
{
"version": "19a23da53932bc8011220bd8c410cb76012de004",
"lessThan": "e126b508ed2e616d679d85fca2fbe77bb48bbdd7",
"status": "affected",
"versionType": "git"
},
{
"version": "19a23da53932bc8011220bd8c410cb76012de004",
"lessThan": "4868c0ecdb6cfde7c70cf478c46e06bb9c7e5865",
"status": "affected",
"versionType": "git"
},
{
"version": "19a23da53932bc8011220bd8c410cb76012de004",
"lessThan": "12f8e32a5a389a5d58afc67728c76e61beee1ad4",
"status": "affected",
"versionType": "git"
},
{
"version": "19a23da53932bc8011220bd8c410cb76012de004",
"lessThan": "f6d53d8a2617dd58c89171a6b9610c470ebda38a",
"status": "affected",
"versionType": "git"
},
{
"version": "19a23da53932bc8011220bd8c410cb76012de004",
"lessThan": "5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807",
"status": "affected",
"versionType": "git"
},
{
"version": "f1ecde00ce1694597f923f0d25f7a797c5243d99",
"status": "affected",
"versionType": "git"
},
{
"version": "848bcb0a1d96f67d075465667d3a1ad4af56311e",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"arch/x86/kvm/svm/sev.c"
],
"versions": [
{
"version": "5.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.11",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.215",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.154",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.84",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.24",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.7.12",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.15",
"versionEndExcluding": "5.10.215"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.154"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "6.1.84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "6.6.24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "6.7.12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "6.8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.98"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2d13b79640b147bd77c34a5998533b2021a4122d"
},
{
"url": "https://git.kernel.org/stable/c/e126b508ed2e616d679d85fca2fbe77bb48bbdd7"
},
{
"url": "https://git.kernel.org/stable/c/4868c0ecdb6cfde7c70cf478c46e06bb9c7e5865"
},
{
"url": "https://git.kernel.org/stable/c/12f8e32a5a389a5d58afc67728c76e61beee1ad4"
},
{
"url": "https://git.kernel.org/stable/c/f6d53d8a2617dd58c89171a6b9610c470ebda38a"
},
{
"url": "https://git.kernel.org/stable/c/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807"
}
],
"title": "KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2024-35791",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}