2024-08-08 16:03:15 +00:00

{
"id": "CVE-2024-42240",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-07T16:15:46.810",
"lastModified": "2024-08-08T14:53:59.897",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/bhi: Avoid warning in #DB handler due to BHI mitigation\n\nWhen BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set\nthen entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the\nclear_bhb_loop() before the TF flag is cleared. This causes the #DB handler\n(exc_debug_kernel()) to issue a warning because single-step is used outside the\nentry_SYSENTER_compat() function.\n\nTo address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY\nafter making sure the TF flag is cleared.\n\nThe problem can be reproduced with the following sequence:\n\n $ cat sysenter_step.c\n int main()\n { asm(\"pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter\"); }\n\n $ gcc -o sysenter_step sysenter_step.c\n\n $ ./sysenter_step\n Segmentation fault (core dumped)\n\nThe program is expected to crash, and the #DB handler will issue a warning.\n\nKernel log:\n\n WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160\n ...\n RIP: 0010:exc_debug_kernel+0xd2/0x160\n ...\n Call Trace:\n <#DB>\n ? show_regs+0x68/0x80\n ? __warn+0x8c/0x140\n ? exc_debug_kernel+0xd2/0x160\n ? report_bug+0x175/0x1a0\n ? handle_bug+0x44/0x90\n ? exc_invalid_op+0x1c/0x70\n ? asm_exc_invalid_op+0x1f/0x30\n ? exc_debug_kernel+0xd2/0x160\n exc_debug+0x43/0x50\n asm_exc_debug+0x1e/0x40\n RIP: 0010:clear_bhb_loop+0x0/0xb0\n ...\n </#DB>\n <TASK>\n ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d\n </TASK>\n\n [ bp: Massage commit message. ]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86/bhi: evitar advertencia en el controlador #DB debido a la mitigaci\u00f3n de BHI Cuando la mitigaci\u00f3n de BHI est\u00e1 habilitada, si se invoca SYSENTER con el indicador TF configurado, entonces Entry_SYSENTER_compat() usa CLEAR_BRANCH_HISTORY y llama al clear_bhb_loop() antes de que se borre la bandera TF. Esto hace que el controlador #DB (exc_debug_kernel()) emita una advertencia porque se utiliza un solo paso fuera de la funci\u00f3n Entry_SYSENTER_compat(). Para solucionar este problema, Entry_SYSENTER_compat() debe usar CLEAR_BRANCH_HISTORY despu\u00e9s de asegurarse de que el indicador TF est\u00e9 borrado. El problema se puede reproducir con la siguiente secuencia: $ cat sysenter_step.c int main() { asm(\"pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter\"); } $ gcc -o sysenter_step sysenter_step.c $ ./sysenter_step Fallo de segmentaci\u00f3n (n\u00facleo volcado) Se espera que el programa falle y el controlador #DB emitir\u00e1 una advertencia. Registro del kernel: ADVERTENCIA: CPU: 27 PID: 7000 en arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160... RIP: 0010:exc_debug_kernel+0xd2/0x160... Seguimiento de llamadas: &lt;#DB&gt; ? show_regs+0x68/0x80? __advertir+0x8c/0x140 ? exc_debug_kernel+0xd2/0x160? report_bug+0x175/0x1a0? handle_bug+0x44/0x90? exc_invalid_op+0x1c/0x70? asm_exc_invalid_op+0x1f/0x30? exc_debug_kernel+0xd2/0x160 exc_debug+0x43/0x50 asm_exc_debug+0x1e/0x40 RIP: 0010:clear_bhb_loop+0x0/0xb0 ... ? Entry_SYSENTER_compat_after_hwframe+0x6e/0x8d [bp: mensaje de commit de masaje. ]"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.163",
"versionEndExcluding": "6.1.100",
"matchCriteriaId": "CAAB30CE-506C-42CC-B146-52655F61012E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.41",
"matchCriteriaId": "96AC42B8-D66D-4AC5-B466-E9BA7910FA29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.10",
"matchCriteriaId": "AB2E8DEC-CFD5-4C2B-981D-E7E45A36C352"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/08518d48e5b744620524f0acd7c26c19bda7f513",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a765679defe1dc1b8fa01928a6ad6361e72a1364",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ac8b270b61d48fcc61f052097777e3b5e11591e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/db56615e96c439e13783d7715330e824b4fd4b84",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}