Message-ID:
<SN6PR02MB415791F29F01716CCB1A23FAD4B72@SN6PR02MB4157.namprd02.prod.outlook.com>
Date: Thu, 10 Apr 2025 19:22:42 +0000
From: Michael Kelley <mhklinux@...look.com>
To: He Zhe <zhe.he@...driver.com>, "rick.p.edgecombe@...el.com"
<rick.p.edgecombe@...el.com>, "sathyanarayanan.kuppuswamy@...ux.intel.com"
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
"kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
"wei.liu@...nel.org" <wei.liu@...nel.org>
CC: "linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>, LKML
<linux-kernel@...r.kernel.org>, "stable@...r.kernel.org"
<stable@...r.kernel.org>
Subject: RE: vmbus CVE-2024-36912 CVE-2024-36913
From: He Zhe <zhe.he@...driver.com> Sent: Wednesday, April 9, 2025 11:15 PM
>
> Hello,
>
> I'm investigating if v5.15 and early versions are vulnerable to the following CVEs. Could
> you please help confirm the following cases?
>
> For CVE-2024-36912, the suggested fix is 211f514ebf1e ("Drivers: hv: vmbus: Track
> decrypted status in vmbus_gpadl") according to https://www.cve.org/CVERecord?id=CVE-2024-36912
> It seems 211f514ebf1e is based on d4dccf353db8 ("Drivers: hv: vmbus: Mark vmbus
> ring buffer visible to host in Isolation VM") which was introduced since v5.16. For v5.15
> and early versions, vmbus ring buffer hadn't been made visible to host, so there's no
> need to backport 211f514ebf1e to those versions, right?
>
> For CVE-2024-36913, the suggested fix is 03f5a999adba ("Drivers: hv: vmbus: Leak
> pages if set_memory_encrypted() fails") according to https://www.cve.org/CVERecord?id=CVE-2024-36913
> It seems 03f5a999adba is based on f2f136c05fb6 ("Drivers: hv: vmbus: Add SNP
> support for VMbus channel initiate message") which was introduced since v5.16. For
> v5.15 and early versions, monitor pages hadn't been made visible to host, so there's no
> need to backport 03f5a999adba to those versions, right?
>
I agree with your conclusions. The two CVEs you list are for Confidential Computing
virtual machines. Support for CoCo VMs (called "Isolation VMs" in commits
d4dccf353db8 and f2f136c05fb6) on Hyper-V was first added in Linux kernel
version 5.16. So the fixes for the CVEs don't need to be backported to any
versions earlier than 5.16.
Michael Kelley