fkie_cve-2024-42230
Vulnerability from fkie_nvd
Published
2024-07-30 08:15
Modified
2024-11-21 09:33
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL is disabled, which causes an interrupt at an unexpected entry location that crashes the kernel. Change the kexec sequence to disable AIL after other CPUs have been brought down. As a refresher, the real-mode scv interrupt vector is 0x17000, and the fixed-location head code probably couldn't easily deal with implementing such high addresses so it was just decided not to support that interrupt at all.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407cPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.10
linux linux_kernel 6.10
linux linux_kernel 6.10
linux linux_kernel 6.10
linux linux_kernel 6.10
linux linux_kernel 6.10


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7E92232-0258-4DF2-8BAB-A29F93F78C0D",
                     versionEndExcluding: "6.1.98",
                     versionStartIncluding: "5.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "25B0CC37-7862-4BB8-9603-1132387FAD81",
                     versionEndIncluding: "6.6.39",
                     versionStartIncluding: "6.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085",
                     versionEndExcluding: "6.9.9",
                     versionStartIncluding: "6.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "2EBB4392-5FA6-4DA9-9772-8F9C750109FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "331C2F14-12C7-45D5-893D-8C52EE38EA10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "3173713D-909A-4DD3-9DD4-1E171EB057EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*",
                     matchCriteriaId: "79F18AFA-40F7-43F0-BA30-7BDB65F918B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*",
                     matchCriteriaId: "BD973AA4-A789-49BD-8D57-B2846935D3C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*",
                     matchCriteriaId: "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix scv instruction crash with kexec\n\nkexec on pseries disables AIL (reloc_on_exc), required for scv\ninstruction support, before other CPUs have been shut down. This means\nthey can execute scv instructions after AIL is disabled, which causes an\ninterrupt at an unexpected entry location that crashes the kernel.\n\nChange the kexec sequence to disable AIL after other CPUs have been\nbrought down.\n\nAs a refresher, the real-mode scv interrupt vector is 0x17000, and the\nfixed-location head code probably couldn't easily deal with implementing\nsuch high addresses so it was just decided not to support that interrupt\nat all.",
      },
      {
         lang: "es",
         value: "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/pseries: corrige el fallo de la instrucción scv con kexec kexec en pseries desactiva AIL (reloc_on_exc), necesario para el soporte de instrucciones scv, antes de que se apaguen otras CPU. Esto significa que pueden ejecutar instrucciones scv después de que AIL esté desactivado, lo que provoca una interrupción en una ubicación de entrada inesperada que bloquea el kernel. Cambie la secuencia kexec para deshabilitar AIL después de que se hayan desactivado otras CPU. Como repaso, el vector de interrupción scv en modo real es 0x17000, y el código principal de ubicación fija probablemente no podría manejar fácilmente la implementación de direcciones tan altas, por lo que simplemente se decidió no admitir esa interrupción en absoluto.",
      },
   ],
   id: "CVE-2024-42230",
   lastModified: "2024-11-21T09:33:46.033",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 4.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-07-30T08:15:08.193",
   references: [
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5",
      },
   ],
   sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.