cve/published/2024/CVE-2024-39483.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked\n\nWhen requesting an NMI window, WARN on vNMI support being enabled if and\nonly if NMIs are actually masked, i.e. if the vCPU is already handling an\nNMI.  KVM's ABI for NMIs that arrive simultanesouly (from KVM's point of\nview) is to inject one NMI and pend the other.  When using vNMI, KVM pends\nthe second NMI simply by setting V_NMI_PENDING, and lets the CPU do the\nrest (hardware automatically sets V_NMI_BLOCKING when an NMI is injected).\n\nHowever, if KVM can't immediately inject an NMI, e.g. because the vCPU is\nin an STI shadow or is running with GIF=0, then KVM will request an NMI\nwindow and trigger the WARN (but still function correctly).\n\nWhether or not the GIF=0 case makes sense is debatable, as the intent of\nKVM's behavior is to provide functionality that is as close to real\nhardware as possible.  E.g. if two NMIs are sent in quick succession, the\nprobability of both NMIs arriving in an STI shadow is infinitesimally low\non real hardware, but significantly larger in a virtual environment, e.g.\nif the vCPU is preempted in the STI shadow.  For GIF=0, the argument isn't\nas clear cut, because the window where two NMIs can collide is much larger\nin bare metal (though still small).\n\nThat said, KVM should not have divergent behavior for the GIF=0 case based\non whether or not vNMI support is enabled.  And KVM has allowed\nsimultaneous NMIs with GIF=0 for over a decade, since commit 7460fb4a3400\n(\"KVM: Fix simultaneous NMIs\").  I.e. KVM's GIF=0 handling shouldn't be\nmodified without a *really* good reason to do so, and if KVM's behavior\nwere to be modified, it should be done irrespective of vNMI support."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "arch/x86/kvm/svm/svm.c"
                ],
                "versions": [
                   {
                      "version": "fa4c027a7956f5e07697bfcb580d25eeb8471257",
                      "lessThan": "f79edaf7370986d73d204b36c50cc563a4c0f356",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "fa4c027a7956f5e07697bfcb580d25eeb8471257",
                      "lessThan": "1d87cf2eba46deaff6142366127f2323de9f84d1",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "fa4c027a7956f5e07697bfcb580d25eeb8471257",
                      "lessThan": "b4bd556467477420ee3a91fbcba73c579669edc6",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "arch/x86/kvm/svm/svm.c"
                ],
                "versions": [
                   {
                      "version": "6.4",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "6.4",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.6.34",
                      "lessThanOrEqual": "6.6.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.9.5",
                      "lessThanOrEqual": "6.9.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.10",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.4",
                            "versionEndExcluding": "6.6.34"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.4",
                            "versionEndExcluding": "6.9.5"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.4",
                            "versionEndExcluding": "6.10"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/f79edaf7370986d73d204b36c50cc563a4c0f356"
             },
             {
                "url": "https://git.kernel.org/stable/c/1d87cf2eba46deaff6142366127f2323de9f84d1"
             },
             {
                "url": "https://git.kernel.org/stable/c/b4bd556467477420ee3a91fbcba73c579669edc6"
             }
          ],
          "title": "KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2024-39483",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked\n\nWhen requesting an NMI window, WARN on vNMI support being enabled if and\nonly if NMIs are actually masked, i.e. if the vCPU is already handling an\nNMI. KVM's ABI for NMIs that arrive simultanesouly (from KVM's point of\nview) is to inject one NMI and pend the other. When using vNMI, KVM pends\nthe second NMI simply by setting V_NMI_PENDING, and lets the CPU do the\nrest (hardware automatically sets V_NMI_BLOCKING when an NMI is injected).\n\nHowever, if KVM can't immediately inject an NMI, e.g. because the vCPU is\nin an STI shadow or is running with GIF=0, then KVM will request an NMI\nwindow and trigger the WARN (but still function correctly).\n\nWhether or not the GIF=0 case makes sense is debatable, as the intent of\nKVM's behavior is to provide functionality that is as close to real\nhardware as possible. E.g. if two NMIs are sent in quick succession, the\nprobability of both NMIs arriving in an STI shadow is infinitesimally low\non real hardware, but significantly larger in a virtual environment, e.g.\nif the vCPU is preempted in the STI shadow. For GIF=0, the argument isn't\nas clear cut, because the window where two NMIs can collide is much larger\nin bare metal (though still small).\n\nThat said, KVM should not have divergent behavior for the GIF=0 case based\non whether or not vNMI support is enabled. And KVM has allowed\nsimultaneous NMIs with GIF=0 for over a decade, since commit 7460fb4a3400\n(\"KVM: Fix simultaneous NMIs\"). I.e. KVM's GIF=0 handling shouldn't be\nmodified without a really good reason to do so, and if KVM's behavior\nwere to be modified, it should be done irrespective of vNMI support."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"arch/x86/kvm/svm/svm.c"
	],
	"versions": [
	{
	"version": "fa4c027a7956f5e07697bfcb580d25eeb8471257",
	"lessThan": "f79edaf7370986d73d204b36c50cc563a4c0f356",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "fa4c027a7956f5e07697bfcb580d25eeb8471257",
	"lessThan": "1d87cf2eba46deaff6142366127f2323de9f84d1",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "fa4c027a7956f5e07697bfcb580d25eeb8471257",
	"lessThan": "b4bd556467477420ee3a91fbcba73c579669edc6",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"arch/x86/kvm/svm/svm.c"
	],
	"versions": [
	{
	"version": "6.4",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "6.4",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.6.34",
	"lessThanOrEqual": "6.6.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.9.5",
	"lessThanOrEqual": "6.9.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.10",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.4",
	"versionEndExcluding": "6.6.34"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.4",
	"versionEndExcluding": "6.9.5"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.4",
	"versionEndExcluding": "6.10"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/f79edaf7370986d73d204b36c50cc563a4c0f356"
	},
	{
	"url": "https://git.kernel.org/stable/c/1d87cf2eba46deaff6142366127f2323de9f84d1"
	},
	{
	"url": "https://git.kernel.org/stable/c/b4bd556467477420ee3a91fbcba73c579669edc6"
	}
	],
	"title": "KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2024-39483",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}