CVE-2024-26768
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-07 19:36
Summary
LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26768",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T19:30:26.181836Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T19:36:27.034Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/88e189bd16e5889e44a41b3309558ebab78b9280"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0f6810e39898af2d2cabd9313e4dbc945fb5dfdd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4551b30525cf3d2f026b92401ffe241eb04dfebe"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/loongarch/include/asm/acpi.h",
            "arch/loongarch/kernel/acpi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "88e189bd16e5",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "0f6810e39898",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "4551b30525cf",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/loongarch/include/asm/acpi.h",
            "arch/loongarch/kernel/acpi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]\n\nWith default config, the value of NR_CPUS is 64. When HW platform has\nmore then 64 cpus, system will crash on these platforms. MAX_CORE_PIC\nis the maximum cpu number in MADT table (max physical number) which can\nexceed the supported maximum cpu number (NR_CPUS, max logical number),\nbut kernel should not crash. Kernel should boot cpus with NR_CPUS, let\nthe remainder cpus stay in BIOS.\n\nThe potential crash reason is that the array acpi_core_pic[NR_CPUS] can\nbe overflowed when parsing MADT table, and it is obvious that CORE_PIC\nshould be corresponding to physical core rather than logical core, so it\nis better to define the array as acpi_core_pic[MAX_CORE_PIC].\n\nWith the patch, system can boot up 64 vcpus with qemu parameter -smp 128,\notherwise system will crash with the following message.\n\n[    0.000000] CPU 0 Unable to handle kernel paging request at virtual address 0000420000004259, era == 90000000037a5f0c, ra == 90000000037a46ec\n[    0.000000] Oops[#1]:\n[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.8.0-rc2+ #192\n[    0.000000] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\n[    0.000000] pc 90000000037a5f0c ra 90000000037a46ec tp 9000000003c90000 sp 9000000003c93d60\n[    0.000000] a0 0000000000000019 a1 9000000003d93bc0 a2 0000000000000000 a3 9000000003c93bd8\n[    0.000000] a4 9000000003c93a74 a5 9000000083c93a67 a6 9000000003c938f0 a7 0000000000000005\n[    0.000000] t0 0000420000004201 t1 0000000000000000 t2 0000000000000001 t3 0000000000000001\n[    0.000000] t4 0000000000000003 t5 0000000000000000 t6 0000000000000030 t7 0000000000000063\n[    0.000000] t8 0000000000000014 u0 ffffffffffffffff s9 0000000000000000 s0 9000000003caee98\n[    0.000000] s1 90000000041b0480 s2 9000000003c93da0 s3 9000000003c93d98 s4 9000000003c93d90\n[    0.000000] s5 9000000003caa000 s6 000000000a7fd000 s7 000000000f556b60 s8 000000000e0a4330\n[    0.000000]    ra: 90000000037a46ec platform_init+0x214/0x250\n[    0.000000]   ERA: 90000000037a5f0c efi_runtime_init+0x30/0x94\n[    0.000000]  CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n[    0.000000]  PRMD: 00000000 (PPLV0 -PIE -PWE)\n[    0.000000]  EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n[    0.000000]  ECFG: 00070800 (LIE=11 VS=7)\n[    0.000000] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n[    0.000000]  BADV: 0000420000004259\n[    0.000000]  PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\n[    0.000000] Modules linked in:\n[    0.000000] Process swapper (pid: 0, threadinfo=(____ptrval____), task=(____ptrval____))\n[    0.000000] Stack : 9000000003c93a14 9000000003800898 90000000041844f8 90000000037a46ec\n[    0.000000]         000000000a7fd000 0000000008290000 0000000000000000 0000000000000000\n[    0.000000]         0000000000000000 0000000000000000 00000000019d8000 000000000f556b60\n[    0.000000]         000000000a7fd000 000000000f556b08 9000000003ca7700 9000000003800000\n[    0.000000]         9000000003c93e50 9000000003800898 9000000003800108 90000000037a484c\n[    0.000000]         000000000e0a4330 000000000f556b60 000000000a7fd000 000000000f556b08\n[    0.000000]         9000000003ca7700 9000000004184000 0000000000200000 000000000e02b018\n[    0.000000]         000000000a7fd000 90000000037a0790 9000000003800108 0000000000000000\n[    0.000000]         0000000000000000 000000000e0a4330 000000000f556b60 000000000a7fd000\n[    0.000000]         000000000f556b08 000000000eaae298 000000000eaa5040 0000000000200000\n[    0.000000]         ...\n[    0.000000] Call Trace:\n[    0.000000] [\u003c90000000037a5f0c\u003e] efi_runtime_init+0x30/0x94\n[    0.000000] [\u003c90000000037a46ec\u003e] platform_init+0x214/0x250\n[    0.000000] [\u003c90000000037a484c\u003e] setup_arch+0x124/0x45c\n[    0.000000] [\u003c90000000037a0790\u003e] start_kernel+0x90/0x670\n[    0.000000] [\u003c900000000378b0d8\u003e] kernel_entry+0xd8/0xdc"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:15:24.383Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/88e189bd16e5889e44a41b3309558ebab78b9280"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f6810e39898af2d2cabd9313e4dbc945fb5dfdd"
        },
        {
          "url": "https://git.kernel.org/stable/c/4551b30525cf3d2f026b92401ffe241eb04dfebe"
        }
      ],
      "title": "LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26768",
    "datePublished": "2024-04-03T17:00:50.135Z",
    "dateReserved": "2024-02-19T14:20:24.173Z",
    "dateUpdated": "2024-11-07T19:36:27.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26768\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-03T17:15:52.800\",\"lastModified\":\"2024-11-07T20:35:09.233\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nLoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]\\n\\nWith default config, the value of NR_CPUS is 64. When HW platform has\\nmore then 64 cpus, system will crash on these platforms. MAX_CORE_PIC\\nis the maximum cpu number in MADT table (max physical number) which can\\nexceed the supported maximum cpu number (NR_CPUS, max logical number),\\nbut kernel should not crash. Kernel should boot cpus with NR_CPUS, let\\nthe remainder cpus stay in BIOS.\\n\\nThe potential crash reason is that the array acpi_core_pic[NR_CPUS] can\\nbe overflowed when parsing MADT table, and it is obvious that CORE_PIC\\nshould be corresponding to physical core rather than logical core, so it\\nis better to define the array as acpi_core_pic[MAX_CORE_PIC].\\n\\nWith the patch, system can boot up 64 vcpus with qemu parameter -smp 128,\\notherwise system will crash with the following message.\\n\\n[    0.000000] CPU 0 Unable to handle kernel paging request at virtual address 0000420000004259, era == 90000000037a5f0c, ra == 90000000037a46ec\\n[    0.000000] Oops[#1]:\\n[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.8.0-rc2+ #192\\n[    0.000000] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\\n[    0.000000] pc 90000000037a5f0c ra 90000000037a46ec tp 9000000003c90000 sp 9000000003c93d60\\n[    0.000000] a0 0000000000000019 a1 9000000003d93bc0 a2 0000000000000000 a3 9000000003c93bd8\\n[    0.000000] a4 9000000003c93a74 a5 9000000083c93a67 a6 9000000003c938f0 a7 0000000000000005\\n[    0.000000] t0 0000420000004201 t1 0000000000000000 t2 0000000000000001 t3 0000000000000001\\n[    0.000000] t4 0000000000000003 t5 0000000000000000 t6 0000000000000030 t7 0000000000000063\\n[    0.000000] t8 0000000000000014 u0 ffffffffffffffff s9 0000000000000000 s0 9000000003caee98\\n[    0.000000] s1 90000000041b0480 s2 9000000003c93da0 s3 9000000003c93d98 s4 9000000003c93d90\\n[    0.000000] s5 9000000003caa000 s6 000000000a7fd000 s7 000000000f556b60 s8 000000000e0a4330\\n[    0.000000]    ra: 90000000037a46ec platform_init+0x214/0x250\\n[    0.000000]   ERA: 90000000037a5f0c efi_runtime_init+0x30/0x94\\n[    0.000000]  CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\\n[    0.000000]  PRMD: 00000000 (PPLV0 -PIE -PWE)\\n[    0.000000]  EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\\n[    0.000000]  ECFG: 00070800 (LIE=11 VS=7)\\n[    0.000000] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\\n[    0.000000]  BADV: 0000420000004259\\n[    0.000000]  PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\\n[    0.000000] Modules linked in:\\n[    0.000000] Process swapper (pid: 0, threadinfo=(____ptrval____), task=(____ptrval____))\\n[    0.000000] Stack : 9000000003c93a14 9000000003800898 90000000041844f8 90000000037a46ec\\n[    0.000000]         000000000a7fd000 0000000008290000 0000000000000000 0000000000000000\\n[    0.000000]         0000000000000000 0000000000000000 00000000019d8000 000000000f556b60\\n[    0.000000]         000000000a7fd000 000000000f556b08 9000000003ca7700 9000000003800000\\n[    0.000000]         9000000003c93e50 9000000003800898 9000000003800108 90000000037a484c\\n[    0.000000]         000000000e0a4330 000000000f556b60 000000000a7fd000 000000000f556b08\\n[    0.000000]         9000000003ca7700 9000000004184000 0000000000200000 000000000e02b018\\n[    0.000000]         000000000a7fd000 90000000037a0790 9000000003800108 0000000000000000\\n[    0.000000]         0000000000000000 000000000e0a4330 000000000f556b60 000000000a7fd000\\n[    0.000000]         000000000f556b08 000000000eaae298 000000000eaa5040 0000000000200000\\n[    0.000000]         ...\\n[    0.000000] Call Trace:\\n[    0.000000] [\u003c90000000037a5f0c\u003e] efi_runtime_init+0x30/0x94\\n[    0.000000] [\u003c90000000037a46ec\u003e] platform_init+0x214/0x250\\n[    0.000000] [\u003c90000000037a484c\u003e] setup_arch+0x124/0x45c\\n[    0.000000] [\u003c90000000037a0790\u003e] start_kernel+0x90/0x670\\n[    0.000000] [\u003c900000000378b0d8\u003e] kernel_entry+0xd8/0xdc\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: LoongArch: cambie acpi_core_pic[NR_CPUS] a acpi_core_pic[MAX_CORE_PIC] Con la configuraci\u00f3n predeterminada, el valor de NR_CPUS es 64. Cuando la plataforma HW tiene m\u00e1s de 64 cpus, el SYSTEM fallar\u00e1 en estas plataformas . MAX_CORE_PIC es el n\u00famero m\u00e1ximo de CPU en la tabla MADT (n\u00famero f\u00edsico m\u00e1ximo) que puede exceder el n\u00famero m\u00e1ximo de CPU admitido (NR_CPUS, n\u00famero l\u00f3gico m\u00e1ximo), pero el kernel no deber\u00eda fallar. El kernel debe arrancar los procesadores con NR_CPUS y dejar que los procesadores restantes permanezcan en el BIOS. La posible raz\u00f3n del fallo es que la matriz acpi_core_pic[NR_CPUS] puede desbordarse al analizar la tabla MADT, y es obvio que CORE_PIC debe corresponder al n\u00facleo f\u00edsico en lugar del n\u00facleo l\u00f3gico, por lo que es mejor definir la matriz como acpi_core_pic[MAX_CORE_PIC] . Con el parche, el SYSTEM puede iniciar 64 vcpus con el par\u00e1metro qemu -smp 128; de lo contrario, el SYSTEM fallar\u00e1 con el siguiente mensaje. [ 0.000000] CPU 0 No se puede manejar la solicitud de paginaci\u00f3n del kernel en la direcci\u00f3n virtual 0000420000004259, era == 90000000037a5f0c, ra == 90000000037a46ec [ 0.000000] Ups[#1]: [ 0.000000] CPU: 0 PID: 0 Comm: intercambiador No contaminado 6.8. 0-rc2+ #192 [0.000000] Nombre de hardware: QEMU QEMU M\u00e1quina virtual, BIOS desconocido 2/2/2022 [0.000000] pc 90000000037a5f0c ra 90000000037a46ec tp 9000000003c90000 sp 9000000003c93 d60 [ 0.000000] a0 0000000000000019 a1 9000000003d93bc0 a2 0000000000000000 a3 9000000003c93bd8 [ 0.000000] a4 9000000003c93a74 a5 9000000083c93a67 a6 9000000003c938f0 a7 0000000000000005 [ 0.000000] t0 0000420000004201 t1 00000000000000000 t2 0000000000000000 1 t3 0000000000000001 [ 0,000000] t4 0000000000000003 t5 0000000000000000 t6 0000000000000030 t7 0000000000000063 [ 0,000000] t8 0000 000000000014 u0 ffffffffffffffff s9 0000000000000000 s0 9000000003caee98 [ 0.000000] s1 90000000041b0480 s2 9000000003c93da0 s3 9000000003 c93d98 s4 9000000003c93d90 [ 0.000000] s5 9000000003caa000 s6 000000000a7fd000 s7 000000000f556b60 s8 000000000e0a4330 [ 0.000000] ra: 90000000037a46ec platform_init+ 0x214/0x250 [ 0.000000] ERA: 90000000037a5f0c efi_runtime_init+0x30/0x94 [ 0.000000] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) [ 0.000000] PRMD: 00000000 (PPLV0 -PIE -PWE) [ 0.000000] EUEN: 00000000 (-FPE -SXE -ASXE -BTE) [ 0.000000] ECFG: 00070800 (LIE=11 VS=7) [ 0.000000] ESTAT: 00010000 [PIL] (IS= ECode=1 EssubCode=0) [ 0.000000] BADV: 0000420000004259 [ 0.000000] PRID: 0014c010 (Loongson-64bit, Loongson-3A5000) [ 0.0000 00] M\u00f3dulos vinculados en: [ 0.000000] Proceso swapper (pid: 0, threadinfo=(____ptrval____), tarea=(____ptrval____)) [0.000000] Pila: 9000000003c93a14 9000000003800898 90000000041844f8 90000000037a46ec [0.000000] 000000000a7fd000 0000000008290000 0000000000000000 0000000000000000 [ 0.000000] 00000000000000000 0000000000000000 00000000019d 8000 000000000f556b60 [ 0,000000] 000000000a7fd000 000000000f556b08 9000000003ca7700 9000000003800000 [ 0,000000 ] 9000000003c93e50 9000000003800898 9000000003800108 90000000037a484c [ 0.000000] 000000000e0a4330 000000000f556b60 00000000 0a7fd000 000000000f556b08 [ 0.000000] 9000000003ca7700 9000000004184000 0000000000200000 000000000e02b018 [ 0.000000] 000000000a 7fd000 90000000037a0790 9000000003800108 0000000000000000 [ 0.000000] 00000000000000000 000000000e0a4330 000000000f556b60 00000 0000a7fd000 [ 0.000000] 000000000f556b08 000000000eaae298 000000000eaa5040 0000000000200000 [ 0.000000] ... [ 0.000000] Llamar Seguimiento: [ 0.000000] [\u0026lt;90000000037a5f0c\u0026gt;] efi_runtime_init+0x30/0x94 [ 0.000000] [\u0026lt;90000000037a46ec\u0026gt;] platform_init+0x214/0x250 [ 0.000000] [\u0026lt;90000000037a48 4c\u0026gt;] setup_arch+0x124/0x45c [ 0.000000] [\u0026lt;90000000037a0790\u0026gt;] start_kernel +0x90/0x670 [ 0.000000] [\u0026lt;900000000378b0d8\u0026gt;] entrada_kernel+0xd8/0xdc\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0f6810e39898af2d2cabd9313e4dbc945fb5dfdd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4551b30525cf3d2f026b92401ffe241eb04dfebe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/88e189bd16e5889e44a41b3309558ebab78b9280\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.