nvd-json-data-feeds/CVE-2024/CVE-2024-536xx/CVE-2024-53687.json

{
  "id": "CVE-2024-53687",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2025-01-11T13:15:26.120",
  "lastModified": "2025-01-11T13:15:26.120",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix IPIs usage in kfence_protect_page()\n\nflush_tlb_kernel_range() may use IPIs to flush the TLBs of all the\ncores, which triggers the following warning when the irqs are disabled:\n\n[    3.455330] WARNING: CPU: 1 PID: 0 at kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520\n[    3.456647] Modules linked in:\n[    3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-00010-g91d3de7240b8 #1\n[    3.457416] Hardware name: QEMU QEMU Virtual Machine, BIOS\n[    3.457633] epc : smp_call_function_many_cond+0x452/0x520\n[    3.457736]  ra : on_each_cpu_cond_mask+0x1e/0x30\n[    3.457786] epc : ffffffff800b669a ra : ffffffff800b67c2 sp : ff2000000000bb50\n[    3.457824]  gp : ffffffff815212b8 tp : ff6000008014f080 t0 : 000000000000003f\n[    3.457859]  t1 : ffffffff815221e0 t2 : 000000000000000f s0 : ff2000000000bc10\n[    3.457920]  s1 : 0000000000000040 a0 : ffffffff815221e0 a1 : 0000000000000001\n[    3.457953]  a2 : 0000000000010000 a3 : 0000000000000003 a4 : 0000000000000000\n[    3.458006]  a5 : 0000000000000000 a6 : ffffffffffffffff a7 : 0000000000000000\n[    3.458042]  s2 : ffffffff815223be s3 : 00fffffffffff000 s4 : ff600001ffe38fc0\n[    3.458076]  s5 : ff600001ff950d00 s6 : 0000000200000120 s7 : 0000000000000001\n[    3.458109]  s8 : 0000000000000001 s9 : ff60000080841ef0 s10: 0000000000000001\n[    3.458141]  s11: ffffffff81524812 t3 : 0000000000000001 t4 : ff60000080092bc0\n[    3.458172]  t5 : 0000000000000000 t6 : ff200000000236d0\n[    3.458203] status: 0000000200000100 badaddr: ffffffff800b669a cause: 0000000000000003\n[    3.458373] [<ffffffff800b669a>] smp_call_function_many_cond+0x452/0x520\n[    3.458593] [<ffffffff800b67c2>] on_each_cpu_cond_mask+0x1e/0x30\n[    3.458625] [<ffffffff8000e4ca>] __flush_tlb_range+0x118/0x1ca\n[    3.458656] [<ffffffff8000e6b2>] flush_tlb_kernel_range+0x1e/0x26\n[    3.458683] [<ffffffff801ea56a>] kfence_protect+0xc0/0xce\n[    3.458717] [<ffffffff801e9456>] kfence_guarded_free+0xc6/0x1c0\n[    3.458742] [<ffffffff801e9d6c>] __kfence_free+0x62/0xc6\n[    3.458764] [<ffffffff801c57d8>] kfree+0x106/0x32c\n[    3.458786] [<ffffffff80588cf2>] detach_buf_split+0x188/0x1a8\n[    3.458816] [<ffffffff8058708c>] virtqueue_get_buf_ctx+0xb6/0x1f6\n[    3.458839] [<ffffffff805871da>] virtqueue_get_buf+0xe/0x16\n[    3.458880] [<ffffffff80613d6a>] virtblk_done+0x5c/0xe2\n[    3.458908] [<ffffffff8058766e>] vring_interrupt+0x6a/0x74\n[    3.458930] [<ffffffff800747d8>] __handle_irq_event_percpu+0x7c/0xe2\n[    3.458956] [<ffffffff800748f0>] handle_irq_event+0x3c/0x86\n[    3.458978] [<ffffffff800786cc>] handle_simple_irq+0x9e/0xbe\n[    3.459004] [<ffffffff80073934>] generic_handle_domain_irq+0x1c/0x2a\n[    3.459027] [<ffffffff804bf87c>] imsic_handle_irq+0xba/0x120\n[    3.459056] [<ffffffff80073934>] generic_handle_domain_irq+0x1c/0x2a\n[    3.459080] [<ffffffff804bdb76>] riscv_intc_aia_irq+0x24/0x34\n[    3.459103] [<ffffffff809d0452>] handle_riscv_irq+0x2e/0x4c\n[    3.459133] [<ffffffff809d923e>] call_on_irq_stack+0x32/0x40\n\nSo only flush the local TLB and let the lazy kfence page fault handling\ndeal with the faults which could happen when a core has an old protected\npte version cached in its TLB. That leads to potential inaccuracies which\ncan be tolerated when using kfence."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: Se corrige el uso de IPI en kfence_protect_page(). flush_tlb_kernel_range() puede usar IPI para vaciar las TLB de todos los n\u00facleos, lo que activa la siguiente advertencia cuando las irq est\u00e1n deshabilitadas: [ 3.455330] ADVERTENCIA: CPU: 1 PID: 0 en kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520 [ 3.456647] M\u00f3dulos vinculados en: [ 3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 No contaminado 6.12.0-rc7-00010-g91d3de7240b8 #1 [ 3.457416] Nombre del hardware: QEMU QEMU Virtual Machine, BIOS [ 3.457633] epc : funci\u00f3n_llamada_smp_muchas_cond+0x452/0x520 [ 3.457736] ra : en_cada_m\u00e1scara_cond_de_cpu+0x1e/0x30 [ 3.457786] epc : ffffffff800b669a ra : ffffffff800b67c2 sp : ff2000000000bb50 [ 3.457824] gp : ffffffff815212b8 tp : ff6000008014f080 t0 : 000000000000003f [ 3.457859] t1 : ffffffff815221e0 t2 : 000000000000000f s0: ff2000000000bc10 [3.457920] s1: 0000000000000040 a0: ffffffff815221e0 a1: 0000000000000001 [3.457953] a2 : 0000000000010000 a3 : 0000000000000003 a4 : 0000000000000000 [ 3.458006] a5 : 00000000000000000 a6 : ffffffffffffffff a7 : 0000000000000000 [ 3.458042] s2 : ffffffff815223be s3 : 00fffffffffff000 s4 : ff600001ffe38fc0 [ 3.458076] s5 : ff600001ff950d00 s6 : 0000000200000120 s7: 00000000000000001 [3.458109] s8: 0000000000000001 s9: ff60000080841ef0 s10: 0000000000000001 [ 3.458141] t11: ffffffff81524812 t3 : 0000000000000001 t4 : ff60000080092bc0 [ 3.458172] t5 : 0000000000000000 t6 : ff200000000236d0 [ 3.458203] estado: 0000000200000100 direcci\u00f3n incorrecta: ffffffff800b669a causa: 0000000000000003 [ 3.458373] [] funci\u00f3n_llamada_smp_muchas_cond+0x452/0x520 [ 3.458593] [] en cada m\u00e1scara de condici\u00f3n de CPU+0x1e/0x30 [ 3.458625] [] __flush_tlb_range+0x118/0x1ca [ 3.458656] [] flush_tlb_kernel_range+0x1e/0x26 [ 3.458683] [] kfence_protect+0xc0/0xce [ 3.458717] [] kfence_guarded_free+0xc6/0x1c0 [ 3.458742] [] __kfence_free+0x62/0xc6 [ 3.458764] [] kfree+0x106/0x32c [ 3.458786] [] detach_buf_split+0x188/0x1a8 [ 3.458816] [] virtqueue_get_buf_ctx+0xb6/0x1f6 [ 3.458839] [] virtqueue_get_buf+0xe/0x16 [ 3.458880] [] virtblk_done+0x5c/0xe2 [ 3.458908] [] interrupci\u00f3n_de_vring+0x6a/0x74 [ 3.458930] [] __controlador_de_evento_irq_percpu+0x7c/0xe2 [ 3.458956] [] control_de_evento_irq+0x3c/0x86 [ 3.458978] [] control_de_irq_simple+0x9e/0xbe [ 3.459004] [] control_de_dominio_gen\u00e9rico_irq+0x1c/0x2a [ 3.459027] [] imsic_handle_irq+0xba/0x120 [ 3.459056] [] generic_handle_domain_irq+0x1c/0x2a [ 3.459080] [] riscv_intc_aia_irq+0x24/0x34 [ 3.459103] [] handle_riscv_irq+0x2e/0x4c [ 3.459133] [] call_on_irq_stack+0x32/0x40 Por lo tanto, solo limpie la TLB local y deje que la gesti\u00f3n de errores de p\u00e1gina de kfence se ocupe de los errores que podr\u00edan Esto ocurre cuando un n\u00facleo tiene una versi\u00f3n antigua de PTE protegida almacenada en cach\u00e9 en su TLB. Esto genera posibles imprecisiones que pueden tolerarse al usar kfence."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/3abfc4130c4222099c69d023fed97f1180a8ad7b",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/6f796a6a396d6f963f2cc8f5edd7dfba2cca097f",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/b3431a8bb336cece8adc452437befa7d4534b2fd",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ]
}