| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025030236-item-coral-d4b3@gregkh> Date: Sun, 2 Mar 2025 15:25:50 +0100 From: Greg KH <gregkh@...uxfoundation.org> To: Juergen Gross <jgross@...e.com> Cc: cve@...nel.org, linux-kernel@...r.kernel.org Subject: Re: CVE-2025-21818: x86/xen: fix xen_hypercall_hvm() to not clobber %rbx On Fri, Feb 28, 2025 at 08:28:48AM +0100, Juergen Gross wrote: > On 27.02.25 21:03, Greg Kroah-Hartman wrote: > > Description > > =========== > > > > In the Linux kernel, the following vulnerability has been resolved: > > > > x86/xen: fix xen_hypercall_hvm() to not clobber %rbx > > > > xen_hypercall_hvm(), which is used when running as a Xen PVH guest at > > most only once during early boot, is clobbering %rbx. Depending on > > whether the caller relies on %rbx to be preserved across the call or > > not, this clobbering might result in an early crash of the system. > > > > This can be avoided by using an already saved register instead of %rbx. > > > > The Linux kernel CVE team has assigned CVE-2025-21818 to this issue. > > Please revoke this CVE. > > There is no way an unprivileged user can trigger this issue at will. > The issue is guest local and will either happen very early at boot or > it won't happen at all. > > So no security issue. Now rejected, thanks for the review. greg k-h
Powered by blists - more mailing lists