mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1.1 KiB
1.1 KiB
CVE-2024-36953
Description
In the Linux kernel, the following vulnerability has been resolved:KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()vgic_v2_parse_attr() is responsible for finding the vCPU that matchesthe user-provided CPUID, which (of course) may not be valid. If the IDis invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handledgracefully.Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()actually returns something and fail the ioctl if not.
POC
Reference
No PoCs from references.