cve-2023-52750
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2024-11-04 14:51
Severity ?
Summary
arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:35.774Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d08a1e75253b4e19ae290b1c35349f12cfcebc0a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/936c9c10efaefaf1ab3ef020e1f8aaaaff1ad2f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef0224ee5399ea8a46bc07dc6c6494961ed5fdd2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bd31e534721ab95ef237020fe6995c899ffdf21a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/69e619d2fd056fe1f5d0adf01584f2da669e0d28"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/146a15b873353f8ac28dc281c139ff611a3c4848"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52750",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:37:19.073827Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:33.056Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/Kconfig"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d08a1e75253b",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "936c9c10efae",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "ef0224ee5399",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "bd31e534721a",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "69e619d2fd05",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "146a15b87335",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/Kconfig"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.140",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer\n\nPrior to LLVM 15.0.0, LLVM\u0027s integrated assembler would incorrectly\nbyte-swap NOP when compiling for big-endian, and the resulting series of\nbytes happened to match the encoding of FNMADD S21, S30, S0, S0.\n\nThis went unnoticed until commit:\n\n  34f66c4c4d5518c1 (\"arm64: Use a positive cpucap for FP/SIMD\")\n\nPrior to that commit, the kernel would always enable the use of FPSIMD\nearly in boot when __cpu_setup() initialized CPACR_EL1, and so usage of\nFNMADD within the kernel was not detected, but could result in the\ncorruption of user or kernel FPSIMD state.\n\nAfter that commit, the instructions happen to trap during boot prior to\nFPSIMD being detected and enabled, e.g.\n\n| Unhandled 64-bit el1h sync exception on CPU0, ESR 0x000000001fe00000 -- ASIMD\n| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1\n| Hardware name: linux,dummy-virt (DT)\n| pstate: 400000c9 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : __pi_strcmp+0x1c/0x150\n| lr : populate_properties+0xe4/0x254\n| sp : ffffd014173d3ad0\n| x29: ffffd014173d3af0 x28: fffffbfffddffcb8 x27: 0000000000000000\n| x26: 0000000000000058 x25: fffffbfffddfe054 x24: 0000000000000008\n| x23: fffffbfffddfe000 x22: fffffbfffddfe000 x21: fffffbfffddfe044\n| x20: ffffd014173d3b70 x19: 0000000000000001 x18: 0000000000000005\n| x17: 0000000000000010 x16: 0000000000000000 x15: 00000000413e7000\n| x14: 0000000000000000 x13: 0000000000001bcc x12: 0000000000000000\n| x11: 00000000d00dfeed x10: ffffd414193f2cd0 x9 : 0000000000000000\n| x8 : 0101010101010101 x7 : ffffffffffffffc0 x6 : 0000000000000000\n| x5 : 0000000000000000 x4 : 0101010101010101 x3 : 000000000000002a\n| x2 : 0000000000000001 x1 : ffffd014171f2988 x0 : fffffbfffddffcb8\n| Kernel panic - not syncing: Unhandled exception\n| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1\n| Hardware name: linux,dummy-virt (DT)\n| Call trace:\n|  dump_backtrace+0xec/0x108\n|  show_stack+0x18/0x2c\n|  dump_stack_lvl+0x50/0x68\n|  dump_stack+0x18/0x24\n|  panic+0x13c/0x340\n|  el1t_64_irq_handler+0x0/0x1c\n|  el1_abort+0x0/0x5c\n|  el1h_64_sync+0x64/0x68\n|  __pi_strcmp+0x1c/0x150\n|  unflatten_dt_nodes+0x1e8/0x2d8\n|  __unflatten_device_tree+0x5c/0x15c\n|  unflatten_device_tree+0x38/0x50\n|  setup_arch+0x164/0x1e0\n|  start_kernel+0x64/0x38c\n|  __primary_switched+0xbc/0xc4\n\nRestrict CONFIG_CPU_BIG_ENDIAN to a known good assembler, which is\neither GNU as or LLVM\u0027s IAS 15.0.0 and newer, which contains the linked\ncommit."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T14:51:59.293Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d08a1e75253b4e19ae290b1c35349f12cfcebc0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/936c9c10efaefaf1ab3ef020e1f8aaaaff1ad2f9"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef0224ee5399ea8a46bc07dc6c6494961ed5fdd2"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd31e534721ab95ef237020fe6995c899ffdf21a"
        },
        {
          "url": "https://git.kernel.org/stable/c/69e619d2fd056fe1f5d0adf01584f2da669e0d28"
        },
        {
          "url": "https://git.kernel.org/stable/c/146a15b873353f8ac28dc281c139ff611a3c4848"
        }
      ],
      "title": "arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52750",
    "datePublished": "2024-05-21T15:30:39.564Z",
    "dateReserved": "2024-05-21T15:19:24.234Z",
    "dateUpdated": "2024-11-04T14:51:59.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52750\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T16:15:14.687\",\"lastModified\":\"2024-05-21T16:53:56.550\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\narm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer\\n\\nPrior to LLVM 15.0.0, LLVM\u0027s integrated assembler would incorrectly\\nbyte-swap NOP when compiling for big-endian, and the resulting series of\\nbytes happened to match the encoding of FNMADD S21, S30, S0, S0.\\n\\nThis went unnoticed until commit:\\n\\n  34f66c4c4d5518c1 (\\\"arm64: Use a positive cpucap for FP/SIMD\\\")\\n\\nPrior to that commit, the kernel would always enable the use of FPSIMD\\nearly in boot when __cpu_setup() initialized CPACR_EL1, and so usage of\\nFNMADD within the kernel was not detected, but could result in the\\ncorruption of user or kernel FPSIMD state.\\n\\nAfter that commit, the instructions happen to trap during boot prior to\\nFPSIMD being detected and enabled, e.g.\\n\\n| Unhandled 64-bit el1h sync exception on CPU0, ESR 0x000000001fe00000 -- ASIMD\\n| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1\\n| Hardware name: linux,dummy-virt (DT)\\n| pstate: 400000c9 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n| pc : __pi_strcmp+0x1c/0x150\\n| lr : populate_properties+0xe4/0x254\\n| sp : ffffd014173d3ad0\\n| x29: ffffd014173d3af0 x28: fffffbfffddffcb8 x27: 0000000000000000\\n| x26: 0000000000000058 x25: fffffbfffddfe054 x24: 0000000000000008\\n| x23: fffffbfffddfe000 x22: fffffbfffddfe000 x21: fffffbfffddfe044\\n| x20: ffffd014173d3b70 x19: 0000000000000001 x18: 0000000000000005\\n| x17: 0000000000000010 x16: 0000000000000000 x15: 00000000413e7000\\n| x14: 0000000000000000 x13: 0000000000001bcc x12: 0000000000000000\\n| x11: 00000000d00dfeed x10: ffffd414193f2cd0 x9 : 0000000000000000\\n| x8 : 0101010101010101 x7 : ffffffffffffffc0 x6 : 0000000000000000\\n| x5 : 0000000000000000 x4 : 0101010101010101 x3 : 000000000000002a\\n| x2 : 0000000000000001 x1 : ffffd014171f2988 x0 : fffffbfffddffcb8\\n| Kernel panic - not syncing: Unhandled exception\\n| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1\\n| Hardware name: linux,dummy-virt (DT)\\n| Call trace:\\n|  dump_backtrace+0xec/0x108\\n|  show_stack+0x18/0x2c\\n|  dump_stack_lvl+0x50/0x68\\n|  dump_stack+0x18/0x24\\n|  panic+0x13c/0x340\\n|  el1t_64_irq_handler+0x0/0x1c\\n|  el1_abort+0x0/0x5c\\n|  el1h_64_sync+0x64/0x68\\n|  __pi_strcmp+0x1c/0x150\\n|  unflatten_dt_nodes+0x1e8/0x2d8\\n|  __unflatten_device_tree+0x5c/0x15c\\n|  unflatten_device_tree+0x38/0x50\\n|  setup_arch+0x164/0x1e0\\n|  start_kernel+0x64/0x38c\\n|  __primary_switched+0xbc/0xc4\\n\\nRestrict CONFIG_CPU_BIG_ENDIAN to a known good assembler, which is\\neither GNU as or LLVM\u0027s IAS 15.0.0 and newer, which contains the linked\\ncommit.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: arm64: restringe CPU_BIG_ENDIAN a GNU como o LLVM IAS 15.x o posterior. Antes de LLVM 15.0.0, el ensamblador integrado de LLVM intercambiaba bytes incorrectamente con NOP al compilar para big-endian. y la serie de bytes resultante coincidi\u00f3 con la codificaci\u00f3n de FNMADD S21, S30, S0, S0. Esto pas\u00f3 desapercibido hasta la confirmaci\u00f3n: 34f66c4c4d5518c1 (\\\"arm64: use un cpucap positivo para FP/SIMD\\\") Antes de esa confirmaci\u00f3n, el kernel siempre habilitaba el uso de FPSIMD al principio del arranque cuando __cpu_setup() inicializaba CPACR_EL1, y por lo tanto el uso de FNMADD dentro del kernel no se detect\u00f3, pero podr\u00eda provocar la corrupci\u00f3n del estado FPSIMD del usuario o del kernel. Despu\u00e9s de esa confirmaci\u00f3n, las instrucciones se bloquean durante el arranque antes de que se detecte y habilite FPSIMD, por ejemplo | Excepci\u00f3n de sincronizaci\u00f3n el1h de 64 bits no controlada en CPU0, ESR 0x000000001fe00000 - ASIMD | CPU: 0 PID: 0 Comunicaciones: intercambiador No contaminado 6.6.0-rc3-00013-g34f66c4c4d55 #1 | Nombre del hardware: linux,dummy-virt (DT) | pstate: 400000c9 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) | ordenador personal: __pi_strcmp+0x1c/0x150 | lr: poblar_properties+0xe4/0x254 | sp: ffffd014173d3ad0 | x29: ffffd014173d3af0 x28: ffffbfffddffcb8 x27: 0000000000000000 | x26: 0000000000000058 x25: ffffbfffddfe054 x24: 0000000000000008 | x23: ffffbffffddfe000 x22: ffffbfffddfe000 x21: ffffbfffddfe044 | x20: ffffd014173d3b70 x19: 0000000000000001 x18: 0000000000000005 | x17: 0000000000000010 x16: 0000000000000000 x15: 00000000413e7000 | x14: 0000000000000000 x13: 0000000000001bcc x12: 0000000000000000 | x11: 00000000d00dfeed x10: ffffd414193f2cd0 x9: 0000000000000000 | x8: 0101010101010101 x7: ffffffffffffffc0 x6: 0000000000000000 | x5: 0000000000000000 x4: 0101010101010101 x3: 000000000000002a | x2: 0000000000000001 x1: ffffd014171f2988 x0: ffffbfffddffcb8 | P\u00e1nico del kernel: no se sincroniza: excepci\u00f3n no controlada | CPU: 0 PID: 0 Comunicaciones: intercambiador No contaminado 6.6.0-rc3-00013-g34f66c4c4d55 #1 | Nombre del hardware: linux,dummy-virt (DT) | Rastreo de llamadas: | dump_backtrace+0xec/0x108 | show_stack+0x18/0x2c | dump_stack_lvl+0x50/0x68 | dump_stack+0x18/0x24 | p\u00e1nico+0x13c/0x340 | el1t_64_irq_handler+0x0/0x1c | el1_abort+0x0/0x5c | el1h_64_sync+0x64/0x68 | __pi_strcmp+0x1c/0x150 | unflatten_dt_nodes+0x1e8/0x2d8 | __unflatten_device_tree+0x5c/0x15c | unflatten_device_tree+0x38/0x50 | setup_arch+0x164/0x1e0 | start_kernel+0x64/0x38c | __primary_switched+0xbc/0xc4 Restrinja CONFIG_CPU_BIG_ENDIAN a un buen ensamblador conocido, que sea GNU o LLVM\u0027s IAS 15.0.0 y posteriores, que contiene la confirmaci\u00f3n vinculada.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/146a15b873353f8ac28dc281c139ff611a3c4848\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/69e619d2fd056fe1f5d0adf01584f2da669e0d28\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/936c9c10efaefaf1ab3ef020e1f8aaaaff1ad2f9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bd31e534721ab95ef237020fe6995c899ffdf21a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d08a1e75253b4e19ae290b1c35349f12cfcebc0a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ef0224ee5399ea8a46bc07dc6c6494961ed5fdd2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.