admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/53xxx/CVE-2024-53195.json

114 lines
7.9 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2024-11-19 18:01:00 +00:00
{
"-Synchronized-Data."
2024-12-29 03:20:44 +00:00
"data_version": "4.0",
"-Synchronized-Data."
2024-11-19 18:01:00 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-53195",
"-Synchronized-Data."
2024-12-29 03:20:44 +00:00
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"-Synchronized-Data."
2024-11-19 18:01:00 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2024-12-29 03:20:44 +00:00
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Get rid of userspace_irqchip_in_use\n\nImproper use of userspace_irqchip_in_use led to syzbot hitting the\nfollowing WARN_ON() in kvm_timer_update_irq():\n\nWARNING: CPU: 0 PID: 3281 at arch/arm64/kvm/arch_timer.c:459\nkvm_timer_update_irq+0x21c/0x394\nCall trace:\n kvm_timer_update_irq+0x21c/0x394 arch/arm64/kvm/arch_timer.c:459\n kvm_timer_vcpu_reset+0x158/0x684 arch/arm64/kvm/arch_timer.c:968\n kvm_reset_vcpu+0x3b4/0x560 arch/arm64/kvm/reset.c:264\n kvm_vcpu_set_target arch/arm64/kvm/arm.c:1553 [inline]\n kvm_arch_vcpu_ioctl_vcpu_init arch/arm64/kvm/arm.c:1573 [inline]\n kvm_arch_vcpu_ioctl+0x112c/0x1b3c arch/arm64/kvm/arm.c:1695\n kvm_vcpu_ioctl+0x4ec/0xf74 virt/kvm/kvm_main.c:4658\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __arm64_sys_ioctl+0x108/0x184 fs/ioctl.c:893\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x78/0x1b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0xe8/0x1b0 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x40/0x50 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x14c arch/arm64/kernel/entry-common.c:712\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nThe following sequence led to the scenario:\n - Userspace creates a VM and a vCPU.\n - The vCPU is initialized with KVM_ARM_VCPU_PMU_V3 during\n KVM_ARM_VCPU_INIT.\n - Without any other setup, such as vGIC or vPMU, userspace issues\n KVM_RUN on the vCPU. Since the vPMU is requested, but not setup,\n kvm_arm_pmu_v3_enable() fails in kvm_arch_vcpu_run_pid_change().\n As a result, KVM_RUN returns after enabling the timer, but before\n incrementing 'userspace_irqchip_in_use':\n kvm_arch_vcpu_run_pid_change()\n ret = kvm_arm_pmu_v3_enable()\n if (!vcpu->arch.pmu.created)\n return -EINVAL;\n if (ret)\n return ret;\n [...]\n if (!irqchip_in_kernel(kvm))\n static_branch_inc(&userspace_irqchip_in_use);\n - Userspace ignores the error and issues KVM_ARM_VCPU_INIT again.\n Since the timer is already enabled, control moves through the\n following flow, ultimately hitting the WARN_ON():\n kvm_timer_vcpu_reset()\n if (timer->enabled)\n kvm_timer_update_irq()\n if (!userspace_irqchip())\n ret = kvm_vgic_inject_irq()\n ret = vgic_lazy_init()\n if (unlikely(!vgic_initialized(kvm)))\n if (kvm->arch.vgic.vgic_model !=\n KVM_DEV_TYPE_ARM_VGIC_V2)\n return -EBUSY;\n WARN_ON(ret);\n\nTheoretically, since userspace_irqchip_in_use's functionality can be\nsimply replaced by '!irqchip_in_kernel()', get rid of the static key\nto avoid the mismanagement, which also helps with the syzbot issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
"-Synchronized-Data."
2024-11-19 18:01:00 +00:00
}
]
"-Synchronized-Data."
2024-12-29 03:20:44 +00:00
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "dd2f9861f27571d47998d71e7516bf7216db0b52"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.64",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/dd2f9861f27571d47998d71e7516bf7216db0b52",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dd2f9861f27571d47998d71e7516bf7216db0b52"
},
{
"url": "https://git.kernel.org/stable/c/c16e2dba39ff6ae84bb8dc9c8e0fb21d9b2f6f5c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c16e2dba39ff6ae84bb8dc9c8e0fb21d9b2f6f5c"
},
{
"url": "https://git.kernel.org/stable/c/fe425d5239a28c21e0c83ee7a8f4cb210d29fdb4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe425d5239a28c21e0c83ee7a8f4cb210d29fdb4"
},
{
"url": "https://git.kernel.org/stable/c/38d7aacca09230fdb98a34194fec2af597e8e20d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/38d7aacca09230fdb98a34194fec2af597e8e20d"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
"-Synchronized-Data."
2024-11-19 18:01:00 +00:00
}
}
Reference in New Issue Copy Permalink