Message-ID: <2024090415-CVE-2024-44965-d41d@gregkh>
Date: Wed, 4 Sep 2024 20:36:25 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-44965: x86/mm: Fix pti_clone_pgtable() alignment assumption
Description
===========
In the Linux kernel, the following vulnerability has been resolved:

x86/mm: Fix pti_clone_pgtable() alignment assumption

Guenter reported dodgy crashes on an i386-nosmp build using GCC-11
that had the form of endless traps until entry stack exhaust and then
#DF from the stack guard.

It turned out that pti_clone_pgtable() had alignment assumptions on
the start address, notably it hard assumes start is PMD aligned. This
is true on x86_64, but very much not true on i386.

These assumptions can cause the end condition to malfunction, leading
to a 'short' clone. Guess what happens when the user mapping has a
short copy of the entry text?

Use the correct increment form for addr to avoid alignment
assumptions.

The Linux kernel CVE team has assigned CVE-2024-44965 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.19 with commit 16a3fe634f6a and fixed in 4.19.320 with commit 18da1b27ce16
Issue introduced in 4.19 with commit 16a3fe634f6a and fixed in 5.4.282 with commit 25a727233a40
Issue introduced in 4.19 with commit 16a3fe634f6a and fixed in 5.10.224 with commit d00c9b4bbc44
Issue introduced in 4.19 with commit 16a3fe634f6a and fixed in 5.15.165 with commit 4d143ae78200
Issue introduced in 4.19 with commit 16a3fe634f6a and fixed in 6.1.105 with commit 5c580c1050bc
Issue introduced in 4.19 with commit 16a3fe634f6a and fixed in 6.6.46 with commit ca07aab70dd3
Issue introduced in 4.19 with commit 16a3fe634f6a and fixed in 6.10.5 with commit df3eecb5496f
Issue introduced in 4.19 with commit 16a3fe634f6a and fixed in 6.11-rc2 with commit 41e71dbb0e0a
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-44965
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
arch/x86/mm/pti.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e
https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8
https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6
https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346
https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763
https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed
https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c
https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c
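
The 'short' clone described above, as an added user-space model (not the kernel's code and not part of the original announcement): it compares a walk that steps by a fixed PMD_SIZE from an unaligned start with one that advances to the next PMD boundary. The 4 MiB PMD_SIZE, the helper names and the sample range are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model constant: one PMD entry maps 4 MiB. */
#define PMD_SIZE 0x400000UL
#define ROUND_UP(x, a) ((((x) + (a) - 1) / (a)) * (a))

/* Bitmask of PMD slots a clone loop visits over [start, end).
 * assume_aligned != 0 models a step of "addr += PMD_SIZE", which is only
 * correct when start is PMD aligned; assume_aligned == 0 advances to the
 * next PMD boundary and makes no assumption about start. */
static uint32_t cloned_slots(unsigned long start, unsigned long end,
                             int assume_aligned)
{
    uint32_t mask = 0;
    unsigned long addr;

    for (addr = start; addr < end;) {
        mask |= 1u << (addr / PMD_SIZE);   /* "clone" the PMD covering addr */
        if (assume_aligned)
            addr += PMD_SIZE;
        else
            addr = ROUND_UP(addr + 1, PMD_SIZE);
    }
    return mask;
}

/* Slots that must be cloned for every byte of [start, end) to be mapped. */
static uint32_t required_slots(unsigned long start, unsigned long end)
{
    uint32_t mask = 0;
    unsigned long slot;

    for (slot = start / PMD_SIZE; slot <= (end - 1) / PMD_SIZE; slot++)
        mask |= 1u << slot;
    return mask;
}

int main(void)
{
    /* Constructed range: starts one page below a PMD boundary. */
    unsigned long start = 0x3ff000UL, end = 0x402000UL;

    printf("required      %#x\n", required_slots(start, end));
    printf("fixed step    %#x\n", cloned_slots(start, end, 1));
    printf("boundary step %#x\n", cloned_slots(start, end, 0));
    return 0;
}
```

With the constructed range, the fixed step jumps from 0x3ff000 to 0x7ff000, past end, so the second PMD is never copied; a walk that can end early like this is a useful thing to check for when reviewing similar range loops.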