CVE-2024-50193
Vulnerability from cvelistv5
Published
2024-11-08 05:54
Modified
2024-12-19 09:35
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: x86/entry_32: Clear CPU buffers after register restore in NMI return CPU buffers are currently cleared after call to exc_nmi, but before register state is restored. This may be okay for MDS mitigation but not for RDFS. Because RDFS mitigation requires CPU buffers to be cleared when registers don't have any sensitive data. Move CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/227358e89703c344008119be7e8ffa3fdb5b92dePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/43778de19d2ef129636815274644b9c16e78c66bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/48a2440d0f20c826b884e04377ccc1e4696c84e9Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/64adf22c4bc73ede920baca5defefb70f190cdbcPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6f44a5fc15b5cece0785bc07453db77d99b0a6dePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b6400eb0b347821efc57760221f8fb6d63b9548aPatch
Impacted products
Vendor Product Version
Linux Linux Version: 50f021f0b985629accf10481a6e89af8b9700583
Version: d54de9f2a127090f2017184e8257795b487d5312
Version: 2e3087505ddb8ba2d3d4c81306cca11e868fcdb9
Version: ca13d8cd8dac25558da4ee8df4dc70e8e7f9d762
Version: a0e2dab44d22b913b4c228c8b52b2a104434b0b3
Version: a0e2dab44d22b913b4c228c8b52b2a104434b0b3
 Create a notification for this product.
   Linux Linux Version: 6.8
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/entry/entry_32.S"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6f44a5fc15b5cece0785bc07453db77d99b0a6de",
              "status": "affected",
              "version": "50f021f0b985629accf10481a6e89af8b9700583",
              "versionType": "git"
            },
            {
              "lessThan": "b6400eb0b347821efc57760221f8fb6d63b9548a",
              "status": "affected",
              "version": "d54de9f2a127090f2017184e8257795b487d5312",
              "versionType": "git"
            },
            {
              "lessThan": "43778de19d2ef129636815274644b9c16e78c66b",
              "status": "affected",
              "version": "2e3087505ddb8ba2d3d4c81306cca11e868fcdb9",
              "versionType": "git"
            },
            {
              "lessThan": "227358e89703c344008119be7e8ffa3fdb5b92de",
              "status": "affected",
              "version": "ca13d8cd8dac25558da4ee8df4dc70e8e7f9d762",
              "versionType": "git"
            },
            {
              "lessThan": "64adf22c4bc73ede920baca5defefb70f190cdbc",
              "status": "affected",
              "version": "a0e2dab44d22b913b4c228c8b52b2a104434b0b3",
              "versionType": "git"
            },
            {
              "lessThan": "48a2440d0f20c826b884e04377ccc1e4696c84e9",
              "status": "affected",
              "version": "a0e2dab44d22b913b4c228c8b52b2a104434b0b3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/entry/entry_32.S"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.228",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.169",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.114",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.58",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/entry_32: Clear CPU buffers after register restore in NMI return\n\nCPU buffers are currently cleared after call to exc_nmi, but before\nregister state is restored. This may be okay for MDS mitigation but not for\nRDFS. Because RDFS mitigation requires CPU buffers to be cleared when\nregisters don\u0027t have any sensitive data.\n\nMove CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:35:11.006Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6f44a5fc15b5cece0785bc07453db77d99b0a6de"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6400eb0b347821efc57760221f8fb6d63b9548a"
        },
        {
          "url": "https://git.kernel.org/stable/c/43778de19d2ef129636815274644b9c16e78c66b"
        },
        {
          "url": "https://git.kernel.org/stable/c/227358e89703c344008119be7e8ffa3fdb5b92de"
        },
        {
          "url": "https://git.kernel.org/stable/c/64adf22c4bc73ede920baca5defefb70f190cdbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/48a2440d0f20c826b884e04377ccc1e4696c84e9"
        }
      ],
      "title": "x86/entry_32: Clear CPU buffers after register restore in NMI return",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50193",
    "datePublished": "2024-11-08T05:54:08.464Z",
    "dateReserved": "2024-10-21T19:36:19.967Z",
    "dateUpdated": "2024-12-19T09:35:11.006Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-50193\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-08T06:15:16.153\",\"lastModified\":\"2024-11-29T19:29:23.710\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nx86/entry_32: Clear CPU buffers after register restore in NMI return\\n\\nCPU buffers are currently cleared after call to exc_nmi, but before\\nregister state is restored. This may be okay for MDS mitigation but not for\\nRDFS. Because RDFS mitigation requires CPU buffers to be cleared when\\nregisters don\u0027t have any sensitive data.\\n\\nMove CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/entry_32: Borrar los b\u00faferes de la CPU despu\u00e9s de restaurar el registro en el retorno NMI Los b\u00faferes de la CPU se borran actualmente despu\u00e9s de la llamada a exc_nmi, pero antes de que se restaure el estado del registro. Esto puede ser adecuado para la mitigaci\u00f3n de MDS, pero no para RDFS. Porque la mitigaci\u00f3n de RDFS requiere que se borren los b\u00faferes de la CPU cuando los registros no tienen datos confidenciales. Mueva CLEAR_CPU_BUFFERS despu\u00e9s de RESTORE_ALL_NMI.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.10.228\",\"matchCriteriaId\":\"00E49974-BB63-44B8-8A3C-048EBB86B743\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.169\",\"matchCriteriaId\":\"18BEDAD6-86F8-457C-952F-C35698B3D07F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.114\",\"matchCriteriaId\":\"10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.58\",\"matchCriteriaId\":\"6B9489BC-825E-4EEE-8D93-F93C801988C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8\",\"versionEndExcluding\":\"6.11.5\",\"matchCriteriaId\":\"DEA3578E-BB87-4486-90C9-D07BD36965C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/227358e89703c344008119be7e8ffa3fdb5b92de\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/43778de19d2ef129636815274644b9c16e78c66b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/48a2440d0f20c826b884e04377ccc1e4696c84e9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/64adf22c4bc73ede920baca5defefb70f190cdbc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6f44a5fc15b5cece0785bc07453db77d99b0a6de\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b6400eb0b347821efc57760221f8fb6d63b9548a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.