| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2024-49858: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption |
| |
| The TPM event log table is a Linux-specific construct, where the data |
| produced by the GetEventLog() boot service is cached in memory, and |
| passed on to the OS using an EFI configuration table. |
| |
| The use of EFI_LOADER_DATA here results in the region being left |
| unreserved in the E820 memory map constructed by the EFI stub, and this |
| is the memory description that is passed on to the incoming kernel by |
| kexec, which is therefore unaware that the region should be reserved. |
| |
| Even though the utility of the TPM2 event log after a kexec is |
| questionable, any corruption might send the parsing code off into the |
| weeds and crash the kernel. So let's use EFI_ACPI_RECLAIM_MEMORY |
| instead, which is always treated as reserved by the E820 conversion |
| logic. |
| |
| The Linux kernel CVE team has assigned CVE-2024-49858 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Fixed in 5.10.227 with commit f76b69ab9cf04358266e3cea5748c0c2791fbb08 |
| Fixed in 5.15.168 with commit 11690d7e76842f29b60fbb5b35bc97d206ea0e83 |
| Fixed in 6.1.113 with commit 5b22c038fb2757c652642933de5664da471f8cb7 |
| Fixed in 6.6.54 with commit 19fd2f2c5fb36b61506d3208474bfd8fdf1cada3 |
| Fixed in 6.10.13 with commit 38d9b07d99b789efb6d8dda21f1aaad636c38993 |
| Fixed in 6.11.2 with commit 2e6871a632a99d9b9e2ce3a7847acabe99e5a26e |
| Fixed in 6.12 with commit 77d48d39e99170b528e4f2e9fc5d1d64cdedd386 |
| |
| Please see https://www.kernel.org for a full list of kernel versions |
| currently supported by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2024-49858 |
| will be updated if fixes are backported; please check that for the most |
| up-to-date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| drivers/firmware/efi/libstub/tpm.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If, however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/f76b69ab9cf04358266e3cea5748c0c2791fbb08 |
| https://git.kernel.org/stable/c/11690d7e76842f29b60fbb5b35bc97d206ea0e83 |
| https://git.kernel.org/stable/c/5b22c038fb2757c652642933de5664da471f8cb7 |
| https://git.kernel.org/stable/c/19fd2f2c5fb36b61506d3208474bfd8fdf1cada3 |
| https://git.kernel.org/stable/c/38d9b07d99b789efb6d8dda21f1aaad636c38993 |
| https://git.kernel.org/stable/c/2e6871a632a99d9b9e2ce3a7847acabe99e5a26e |
| https://git.kernel.org/stable/c/77d48d39e99170b528e4f2e9fc5d1d64cdedd386 |
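
The reservation difference the Description relies on, as an added C example that is not kernel code and not part of the advisory: a simplified model of how an EFI-to-E820 conversion classifies memory types. The enum values follow the UEFI specification and the E820 type numbering; `efi_to_e820` and `kexec_kernel_may_overwrite` are hypothetical names, and the full mapping table is an assumption about the x86 stub's behaviour beyond the two types the advisory names.

```c
/* Added illustration: simplified model of the EFI -> E820 type conversion.
 * Not kernel source; helper names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

/* EFI memory types, numbered 0..14 as in the UEFI specification. */
enum efi_mem_type {
    EFI_RESERVED_TYPE, EFI_LOADER_CODE, EFI_LOADER_DATA,
    EFI_BOOT_SERVICES_CODE, EFI_BOOT_SERVICES_DATA,
    EFI_RUNTIME_SERVICES_CODE, EFI_RUNTIME_SERVICES_DATA,
    EFI_CONVENTIONAL_MEMORY, EFI_UNUSABLE_MEMORY,
    EFI_ACPI_RECLAIM_MEMORY, EFI_ACPI_MEMORY_NVS,
    EFI_MEMORY_MAPPED_IO, EFI_MEMORY_MAPPED_IO_PORT_SPACE,
    EFI_PAL_CODE, EFI_PERSISTENT_MEMORY
};

enum e820_type { E820_RAM = 1, E820_RESERVED = 2, E820_ACPI = 3,
                 E820_NVS = 4, E820_UNUSABLE = 5, E820_PMEM = 7 };

/* Assumed mapping: loader and boot-services regions collapse into plain RAM
 * once boot services exit; ACPI reclaim keeps a distinct, non-RAM type. */
static enum e820_type efi_to_e820(enum efi_mem_type t)
{
    switch (t) {
    case EFI_LOADER_CODE: case EFI_LOADER_DATA:
    case EFI_BOOT_SERVICES_CODE: case EFI_BOOT_SERVICES_DATA:
    case EFI_CONVENTIONAL_MEMORY:
        return E820_RAM;
    case EFI_ACPI_RECLAIM_MEMORY: return E820_ACPI;
    case EFI_ACPI_MEMORY_NVS:     return E820_NVS;
    case EFI_UNUSABLE_MEMORY:     return E820_UNUSABLE;
    case EFI_PERSISTENT_MEMORY:   return E820_PMEM;
    default:                      return E820_RESERVED;
    }
}

/* A kexec'ed kernel that sees only the E820 map may allocate over RAM. */
static bool kexec_kernel_may_overwrite(enum efi_mem_type t)
{
    return efi_to_e820(t) == E820_RAM;
}

int main(void)
{
    printf("event log in EFI_LOADER_DATA: overwritable=%d\n",
           kexec_kernel_may_overwrite(EFI_LOADER_DATA));
    printf("event log in EFI_ACPI_RECLAIM_MEMORY: overwritable=%d\n",
           kexec_kernel_may_overwrite(EFI_ACPI_RECLAIM_MEMORY));
    return 0;
}
```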