cve-2024-46794
Vulnerability from cvelistv5
Published
2024-09-18 07:12
Modified
2024-11-05 09:46
Severity ?
Summary
x86/tdx: Fix data leak in mmio_read()
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461faPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7Patch
Impacted products
Vendor Product Version
Linux Linux Version: 5.19
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46794",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:23:09.419294Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:23:20.346Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/coco/tdx/tdx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "26c6af49d26f",
              "status": "affected",
              "version": "31d58c4e557d",
              "versionType": "git"
            },
            {
              "lessThan": "ef00818c50cf",
              "status": "affected",
              "version": "31d58c4e557d",
              "versionType": "git"
            },
            {
              "lessThan": "b55ce742afcb",
              "status": "affected",
              "version": "31d58c4e557d",
              "versionType": "git"
            },
            {
              "lessThan": "b6fb565a2d15",
              "status": "affected",
              "version": "31d58c4e557d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/coco/tdx/tdx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what \u0027val\u0027 is used for. ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:46:45.810Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661"
        }
      ],
      "title": "x86/tdx: Fix data leak in mmio_read()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46794",
    "datePublished": "2024-09-18T07:12:49.323Z",
    "dateReserved": "2024-09-11T15:12:18.279Z",
    "dateUpdated": "2024-11-05T09:46:45.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-46794\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-09-18T08:15:06.230\",\"lastModified\":\"2024-11-20T20:56:49.150\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nx86/tdx: Fix data leak in mmio_read()\\n\\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\\naddress from the VMM.\\n\\nSean noticed that mmio_read() unintentionally exposes the value of an\\ninitialized variable (val) on the stack to the VMM.\\n\\nThis variable is only needed as an output value. It did not need to be\\npassed to the VMM in the first place.\\n\\nDo not send the original value of *val to the VMM.\\n\\n[ dhansen: clarify what \u0027val\u0027 is used for. ]\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/tdx: Se corrige la fuga de datos en mmio_read() La funci\u00f3n mmio_read() realiza una TDVMCALL para recuperar datos MMIO para una direcci\u00f3n del VMM. Sean not\u00f3 que mmio_read() expone involuntariamente el valor de una variable inicializada (val) en la pila al VMM. Esta variable solo se necesita como valor de salida. No era necesario pasarla al VMM en primer lugar. No env\u00ede el valor original de *val al VMM. [ dhansen: aclare para qu\u00e9 se usa \u0027val\u0027. ]\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.19\",\"matchCriteriaId\":\"2100D1B8-9648-47E0-8CA8-90D1FE7C62FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1\",\"versionEndExcluding\":\"6.1.110\",\"matchCriteriaId\":\"FD34EEF6-E0F8-42D6-BF92-8EB851A6ADEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6\",\"versionEndExcluding\":\"6.6.51\",\"matchCriteriaId\":\"25B5F323-C9C2-4F67-BF42-0C5BDD860576\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.10\",\"versionEndExcluding\":\"6.10.10\",\"matchCriteriaId\":\"D16659A9-BECD-4E13-8994-B096652762E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3CE743-2126-47A3-8B7C-822B502CF119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DEB27E7-30AA-45CC-8934-B89263EF3551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0005AEF-856E-47EB-BFE4-90C46899394D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"39889A68-6D34-47A6-82FC-CD0BF23D6754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8383ABF-1457-401F-9B61-EE50F4C61F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"B77A9280-37E6-49AD-B559-5B23A3B1DC3D\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.