cve-2024-50192
Vulnerability from cvelistv5
Published
2024-11-08 05:54
Modified
2024-12-19 09:35
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Kunkun Jiang reported that there is a small window of opportunity for userspace to force a change of affinity for a VPE while the VPE has already been unmapped, but the corresponding doorbell interrupt still visible in /proc/irq/. Plug the race by checking the value of vmapp_count, which tracks whether the VPE is mapped ot not, and returning an error in this case. This involves making vmapp_count common to both GICv4.1 and its v4.0 ancestor.
Impacted products
Vendor Product Version
Linux Linux Version: 5.6
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/irqchip/irq-gic-v3-its.c",
            "include/linux/irqchip/arm-gic-v4.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b7d7b7fc876f836f40bf48a87e07ea18756ba196",
              "status": "affected",
              "version": "64edfaa9a2342a3ce34f8cb982c2c2df84db4de3",
              "versionType": "git"
            },
            {
              "lessThan": "755b9532c885b8761fb135fedcd705e21e61cccb",
              "status": "affected",
              "version": "64edfaa9a2342a3ce34f8cb982c2c2df84db4de3",
              "versionType": "git"
            },
            {
              "lessThan": "64b12b061c5488e2d69e67c4eaae5da64fd30bfe",
              "status": "affected",
              "version": "64edfaa9a2342a3ce34f8cb982c2c2df84db4de3",
              "versionType": "git"
            },
            {
              "lessThan": "01282ab5182f85e42234df2ff42f0ce790f465ff",
              "status": "affected",
              "version": "64edfaa9a2342a3ce34f8cb982c2c2df84db4de3",
              "versionType": "git"
            },
            {
              "lessThan": "d960505a869e66184fff97fb334980a5b797c7c6",
              "status": "affected",
              "version": "64edfaa9a2342a3ce34f8cb982c2c2df84db4de3",
              "versionType": "git"
            },
            {
              "lessThan": "1442ee0011983f0c5c4b92380e6853afb513841a",
              "status": "affected",
              "version": "64edfaa9a2342a3ce34f8cb982c2c2df84db4de3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/irqchip/irq-gic-v3-its.c",
            "include/linux/irqchip/arm-gic-v4.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.228",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.169",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.114",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.58",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v4: Don\u0027t allow a VMOVP on a dying VPE\n\nKunkun Jiang reported that there is a small window of opportunity for\nuserspace to force a change of affinity for a VPE while the VPE has already\nbeen unmapped, but the corresponding doorbell interrupt still visible in\n/proc/irq/.\n\nPlug the race by checking the value of vmapp_count, which tracks whether\nthe VPE is mapped ot not, and returning an error in this case.\n\nThis involves making vmapp_count common to both GICv4.1 and its v4.0\nancestor."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:35:09.839Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b7d7b7fc876f836f40bf48a87e07ea18756ba196"
        },
        {
          "url": "https://git.kernel.org/stable/c/755b9532c885b8761fb135fedcd705e21e61cccb"
        },
        {
          "url": "https://git.kernel.org/stable/c/64b12b061c5488e2d69e67c4eaae5da64fd30bfe"
        },
        {
          "url": "https://git.kernel.org/stable/c/01282ab5182f85e42234df2ff42f0ce790f465ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/d960505a869e66184fff97fb334980a5b797c7c6"
        },
        {
          "url": "https://git.kernel.org/stable/c/1442ee0011983f0c5c4b92380e6853afb513841a"
        }
      ],
      "title": "irqchip/gic-v4: Don\u0027t allow a VMOVP on a dying VPE",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50192",
    "datePublished": "2024-11-08T05:54:07.535Z",
    "dateReserved": "2024-10-21T19:36:19.967Z",
    "dateUpdated": "2024-12-19T09:35:09.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-50192\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-08T06:15:16.100\",\"lastModified\":\"2024-11-29T19:00:45.733\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nirqchip/gic-v4: Don\u0027t allow a VMOVP on a dying VPE\\n\\nKunkun Jiang reported that there is a small window of opportunity for\\nuserspace to force a change of affinity for a VPE while the VPE has already\\nbeen unmapped, but the corresponding doorbell interrupt still visible in\\n/proc/irq/.\\n\\nPlug the race by checking the value of vmapp_count, which tracks whether\\nthe VPE is mapped ot not, and returning an error in this case.\\n\\nThis involves making vmapp_count common to both GICv4.1 and its v4.0\\nancestor.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: irqchip/gic-v4: No permitir un VMOVP en un VPE moribundo Kunkun Jiang inform\u00f3 que hay una peque\u00f1a ventana de oportunidad para que el espacio de usuario fuerce un cambio de afinidad para un VPE mientras el VPE ya ha sido desasignado, pero la interrupci\u00f3n del timbre correspondiente a\u00fan es visible en /proc/irq/. Conecte la ejecuci\u00f3n verificando el valor de vmapp_count, que rastrea si el VPE est\u00e1 asignado o no, y devuelve un error en este caso. Esto implica hacer que vmapp_count sea com\u00fan tanto para GICv4.1 como para su antecesor v4.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.6\",\"versionEndExcluding\":\"5.10.228\",\"matchCriteriaId\":\"23D95807-ADA5-452C-BBD3-C14EA7B6CC6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.169\",\"matchCriteriaId\":\"18BEDAD6-86F8-457C-952F-C35698B3D07F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.114\",\"matchCriteriaId\":\"10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.58\",\"matchCriteriaId\":\"6B9489BC-825E-4EEE-8D93-F93C801988C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.5\",\"matchCriteriaId\":\"6E62D61A-F704-44DB-A311-17B7534DA7BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/01282ab5182f85e42234df2ff42f0ce790f465ff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1442ee0011983f0c5c4b92380e6853afb513841a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/64b12b061c5488e2d69e67c4eaae5da64fd30bfe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/755b9532c885b8761fb135fedcd705e21e61cccb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b7d7b7fc876f836f40bf48a87e07ea18756ba196\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d960505a869e66184fff97fb334980a5b797c7c6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.