[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240311134202.GQ86322@google.com>
Date: Mon, 11 Mar 2024 13:42:02 +0000
From: Lee Jones <lee@...nel.org>
To: Michal Hocko <mhocko@...e.com>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Juergen Gross <jgross@...e.com>,
Sean Christopherson <seanjc@...gle.com>,
Andrew Cooper <Andrew.Cooper3@...rix.com>
Subject: Re: CVE-2023-52514: x86/reboot: VMCLEAR active VMCSes before
emergency reboot
On Mon, 11 Mar 2024, Michal Hocko wrote:
> On Sat 02-03-24 22:52:59, Greg KH wrote:
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > x86/reboot: VMCLEAR active VMCSes before emergency reboot
> >
> > VMCLEAR active VMCSes before any emergency reboot, not just if the kernel
> > may kexec into a new kernel after a crash. Per Intel's SDM, the VMX
> > architecture doesn't require the CPU to flush the VMCS cache on INIT. If
> > an emergency reboot doesn't RESET CPUs, cached VMCSes could theoretically
> > be kept and only be written back to memory after the new kernel is booted,
> > i.e. could effectively corrupt memory after reboot.
> >
> > Opportunistically remove the setting of the global pointer to NULL to make
> > checkpatch happy.
> >
> > The Linux kernel CVE team has assigned CVE-2023-52514 to this issue.
>
> I do not really see the security aspect of this fix. Guests systems
> shouldn't be able to trigger host reboot nor any untrusted entity should
> on the host either or this would be a serious security hole.
>
> Or am I missing something?
Thanks for reporting.
If Sean and/or Paolo agree, we can revoke the CVE for you.
--
Lee Jones [李琼斯]
Powered by blists - more mailing lists