Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-vulnerable / . / cve / published / 2024 / CVE-2024-53687.json
blob: 8a9ca68e76fea01c1d6946b28349e3faf691e284 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix IPIs usage in kfence_protect_page()\n\nflush_tlb_kernel_range() may use IPIs to flush the TLBs of all the\ncores, which triggers the following warning when the irqs are disabled:\n\n[ 3.455330] WARNING: CPU: 1 PID: 0 at kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520\n[ 3.456647] Modules linked in:\n[ 3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-00010-g91d3de7240b8 #1\n[ 3.457416] Hardware name: QEMU QEMU Virtual Machine, BIOS\n[ 3.457633] epc : smp_call_function_many_cond+0x452/0x520\n[ 3.457736] ra : on_each_cpu_cond_mask+0x1e/0x30\n[ 3.457786] epc : ffffffff800b669a ra : ffffffff800b67c2 sp : ff2000000000bb50\n[ 3.457824] gp : ffffffff815212b8 tp : ff6000008014f080 t0 : 000000000000003f\n[ 3.457859] t1 : ffffffff815221e0 t2 : 000000000000000f s0 : ff2000000000bc10\n[ 3.457920] s1 : 0000000000000040 a0 : ffffffff815221e0 a1 : 0000000000000001\n[ 3.457953] a2 : 0000000000010000 a3 : 0000000000000003 a4 : 0000000000000000\n[ 3.458006] a5 : 0000000000000000 a6 : ffffffffffffffff a7 : 0000000000000000\n[ 3.458042] s2 : ffffffff815223be s3 : 00fffffffffff000 s4 : ff600001ffe38fc0\n[ 3.458076] s5 : ff600001ff950d00 s6 : 0000000200000120 s7 : 0000000000000001\n[ 3.458109] s8 : 0000000000000001 s9 : ff60000080841ef0 s10: 0000000000000001\n[ 3.458141] s11: ffffffff81524812 t3 : 0000000000000001 t4 : ff60000080092bc0\n[ 3.458172] t5 : 0000000000000000 t6 : ff200000000236d0\n[ 3.458203] status: 0000000200000100 badaddr: ffffffff800b669a cause: 0000000000000003\n[ 3.458373] [<ffffffff800b669a>] smp_call_function_many_cond+0x452/0x520\n[ 3.458593] [<ffffffff800b67c2>] on_each_cpu_cond_mask+0x1e/0x30\n[ 3.458625] [<ffffffff8000e4ca>] __flush_tlb_range+0x118/0x1ca\n[ 3.458656] [<ffffffff8000e6b2>] flush_tlb_kernel_range+0x1e/0x26\n[ 3.458683] [<ffffffff801ea56a>] kfence_protect+0xc0/0xce\n[ 3.458717] [<ffffffff801e9456>] kfence_guarded_free+0xc6/0x1c0\n[ 3.458742] [<ffffffff801e9d6c>] __kfence_free+0x62/0xc6\n[ 3.458764] [<ffffffff801c57d8>] kfree+0x106/0x32c\n[ 3.458786] [<ffffffff80588cf2>] detach_buf_split+0x188/0x1a8\n[ 3.458816] [<ffffffff8058708c>] virtqueue_get_buf_ctx+0xb6/0x1f6\n[ 3.458839] [<ffffffff805871da>] virtqueue_get_buf+0xe/0x16\n[ 3.458880] [<ffffffff80613d6a>] virtblk_done+0x5c/0xe2\n[ 3.458908] [<ffffffff8058766e>] vring_interrupt+0x6a/0x74\n[ 3.458930] [<ffffffff800747d8>] __handle_irq_event_percpu+0x7c/0xe2\n[ 3.458956] [<ffffffff800748f0>] handle_irq_event+0x3c/0x86\n[ 3.458978] [<ffffffff800786cc>] handle_simple_irq+0x9e/0xbe\n[ 3.459004] [<ffffffff80073934>] generic_handle_domain_irq+0x1c/0x2a\n[ 3.459027] [<ffffffff804bf87c>] imsic_handle_irq+0xba/0x120\n[ 3.459056] [<ffffffff80073934>] generic_handle_domain_irq+0x1c/0x2a\n[ 3.459080] [<ffffffff804bdb76>] riscv_intc_aia_irq+0x24/0x34\n[ 3.459103] [<ffffffff809d0452>] handle_riscv_irq+0x2e/0x4c\n[ 3.459133] [<ffffffff809d923e>] call_on_irq_stack+0x32/0x40\n\nSo only flush the local TLB and let the lazy kfence page fault handling\ndeal with the faults which could happen when a core has an old protected\npte version cached in its TLB. That leads to potential inaccuracies which\ncan be tolerated when using kfence."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"arch/riscv/include/asm/kfence.h"
],
"versions": [
{
"version": "47513f243b452a5e21180dcf3d6ac1c57e1781a6",
"lessThan": "6f796a6a396d6f963f2cc8f5edd7dfba2cca097f",
"status": "affected",
"versionType": "git"
},
{
"version": "47513f243b452a5e21180dcf3d6ac1c57e1781a6",
"lessThan": "3abfc4130c4222099c69d023fed97f1180a8ad7b",
"status": "affected",
"versionType": "git"
},
{
"version": "47513f243b452a5e21180dcf3d6ac1c57e1781a6",
"lessThan": "b3431a8bb336cece8adc452437befa7d4534b2fd",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"arch/riscv/include/asm/kfence.h"
],
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.67",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.6",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14",
"versionEndExcluding": "6.6.67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14",
"versionEndExcluding": "6.12.6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14",
"versionEndExcluding": "6.13"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/6f796a6a396d6f963f2cc8f5edd7dfba2cca097f"
},
{
"url": "https://git.kernel.org/stable/c/3abfc4130c4222099c69d023fed97f1180a8ad7b"
},
{
"url": "https://git.kernel.org/stable/c/b3431a8bb336cece8adc452437befa7d4534b2fd"
}
],
"title": "riscv: Fix IPIs usage in kfence_protect_page()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2024-53687",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}