{ "id": "CVE-2024-38667", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-06-24T14:15:12.790", "lastModified": "2024-11-21T09:26:35.473", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: prevent pt_regs corruption for secondary idle threads\n\nTop of the kernel thread stack should be reserved for pt_regs. However\nthis is not the case for the idle threads of the secondary boot harts.\nTheir stacks overlap with their pt_regs, so both may get corrupted.\n\nSimilar issue has been fixed for the primary hart, see c7cdd96eca28\n(\"riscv: prevent stack corruption by reserving task_pt_regs(p) early\").\nHowever that fix was not propagated to the secondary harts. The problem\nhas been noticed in some CPU hotplug tests with V enabled. The function\nsmp_callin stored several registers on stack, corrupting top of pt_regs\nstructure including status field. As a result, kernel attempted to save\nor restore inexistent V context." }, { "lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: riscv: evita la corrupci\u00f3n de pt_regs para subprocesos inactivos secundarios La parte superior de la pila de subprocesos del kernel debe reservarse para pt_regs. Sin embargo, este no es el caso de los subprocesos inactivos de los corazones de arranque secundarios. Sus pilas se superponen con sus pt_regs, por lo que ambos pueden corromperse. Se ha solucionado un problema similar para el coraz\u00f3n principal; consulte c7cdd96eca28 (\"riscv: evite la corrupci\u00f3n de la pila reservando task_pt_regs(p) anticipadamente\"). Sin embargo, esa soluci\u00f3n no se propag\u00f3 a los corazones secundarios. El problema se ha observado en algunas pruebas de conexi\u00f3n en caliente de CPU con V habilitado. La funci\u00f3n smp_callin almacen\u00f3 varios registros en la pila, corrompiendo la parte superior de la estructura pt_regs, incluido el campo de estado. Como resultado, el kernel intent\u00f3 guardar o restaurar el contexto V inexistente." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-787" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.7", "matchCriteriaId": "C3821E00-CCBB-4CD4-AD2C-D47DFF2F5A34" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.1.93", "matchCriteriaId": "7446FC33-DC4F-4D31-94B5-FB577CFA66F4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.6.33", "matchCriteriaId": "53BC60D9-65A5-4D8F-96C8-149F09214DBD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.9.4", "matchCriteriaId": "A500F935-F0ED-4DC7-AD02-9D7C365D13AE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C40DD2D9-90E3-4E95-9F1A-E7C680F11F2A" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/0c1f28c32a194303da630fca89481334b9547b80", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Mailing List", "Patch" ] }, { "url": "https://git.kernel.org/stable/c/3090c06d50eaa91317f84bf3eac4c265e6cb8d44", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Mailing List", "Patch" ] }, { "url": "https://git.kernel.org/stable/c/a638b0461b58aa3205cd9d5f14d6f703d795b4af", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Mailing List", "Patch" ] }, { "url": "https://git.kernel.org/stable/c/ea22d4195cca13d5fdbc4d6555a2dfb8a7867a9e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Mailing List", "Patch" ] }, { "url": "https://git.kernel.org/stable/c/0c1f28c32a194303da630fca89481334b9547b80", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ] }, { "url": "https://git.kernel.org/stable/c/3090c06d50eaa91317f84bf3eac4c265e6cb8d44", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ] }, { "url": "https://git.kernel.org/stable/c/a638b0461b58aa3205cd9d5f14d6f703d795b4af", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ] }, { "url": "https://git.kernel.org/stable/c/ea22d4195cca13d5fdbc4d6555a2dfb8a7867a9e", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ] } ] }