lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8734qc3v1m.fsf@mail.lhotse>
Date: Tue, 21 May 2024 09:47:33 +1000
From: Michael Ellerman <mpe@...erman.id.au>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Geoff Levand
 <geoff@...radead.org>, cve@...nel.org, linux-kernel@...r.kernel.org,
 linux-cve-announce@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org
Subject: Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable
 PPC64_BIG_ENDIAN_ELF_ABI_V2

Greg Kroah-Hartman <gregkh@...uxfoundation.org> writes:
> On Mon, May 20, 2024 at 05:35:32PM +0900, Geoff Levand wrote:
>> On 5/20/24 16:04, Michael Ellerman wrote:
>> > Greg Kroah-Hartman <gregkh@...uxfoundation.org> writes:
>> >> Description
>> >> ===========
>> >>
>> >> In the Linux kernel, the following vulnerability has been resolved:
>> >>
>> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
>> >>
>> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
>> >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
>> >> that is incompatible with the current code for the PS3's LV1 hypervisor
>> >> calls.
>> >>
>> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
>> >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
>> >>
>> >> Fixes run time errors like these:
>> >>
>> >>   BUG: Kernel NULL pointer dereference at 0x00000000
>> >>   Faulting instruction address: 0xc000000000047cf0
>> >>   Oops: Kernel access of bad area, sig: 11 [#1]
>> >>   Call Trace:
>> >>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
>> >>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
>> >>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
>> >>
>> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.
>> > 
>> > IMHO this doesn't warrant a CVE. The crash mentioned above happens at
>> > boot, so the system is not vulnerable it's just broken :)
>> 
>> As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't
>> boot, so there is no chance of a vulnerability.
>
> The definition of "vulnerability" from CVE.org is:
> 	An instance of one or more weaknesses in a Product that can be
> 	exploited, causing a negative impact to confidentiality, integrity, or
> 	availability; a set of conditions or behaviors that allows the
> 	violation of an explicit or implicit security policy.
>
> Having a system that does not boot is a "negative impact to
> availability", which is why this was selected for a CVE.  I.e. if a new
> kernel update has this problem in it, it would not allow the system to
> boot correctly.

I think the key word above is "exploited", implying some sort of
unauthorised action.

This bug can cause the system to not boot, but only by someone who
builds a new kernel and installs it - and if they have permission to do
that they can just replace the kernel with anything, they don't need a
bug.

> But, if the maintainer of the subsystem thinks this should not be
> assigned a CVE because of this fix, we'll be glad to revoke it.
>
> Michael, still want this revoked?

Yes please.

cheers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ