| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024053040-CVE-2024-36953-fc12@gregkh> Date: Thu, 30 May 2024 17:35:50 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-36953: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Description =========== In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully. Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not. The Linux kernel CVE team has assigned CVE-2024-36953 to this issue. Affected and fixed versions =========================== Issue introduced in 4.7 with commit 7d450e282171 and fixed in 5.10.217 with commit 4404465a1bee Issue introduced in 4.7 with commit 7d450e282171 and fixed in 5.15.159 with commit 17db92da8be5 Issue introduced in 4.7 with commit 7d450e282171 and fixed in 6.1.91 with commit 3a5b0378ac67 Issue introduced in 4.7 with commit 7d450e282171 and fixed in 6.6.31 with commit 8d6a1c8e3de3 Issue introduced in 4.7 with commit 7d450e282171 and fixed in 6.8.10 with commit 01981276d64e Issue introduced in 4.7 with commit 7d450e282171 and fixed in 6.9 with commit 6ddb4f372fc6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-36953 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/arm64/kvm/vgic/vgic-kvm-device.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728 https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80 https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104 https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487 https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb
Powered by blists - more mailing lists