CVE-2024-53687 (GCVE-0-2024-53687)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:29 – Updated: 2025-05-04 09:56
Summary
In the Linux kernel, the following vulnerability has been resolved:

riscv: Fix IPIs usage in kfence_protect_page()

flush_tlb_kernel_range() may use IPIs to flush the TLBs of all the cores, which triggers the following warning when the irqs are disabled:

[ 3.455330] WARNING: CPU: 1 PID: 0 at kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520
[ 3.456647] Modules linked in:
[ 3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-00010-g91d3de7240b8 #1
[ 3.457416] Hardware name: QEMU QEMU Virtual Machine, BIOS
[ 3.457633] epc : smp_call_function_many_cond+0x452/0x520
[ 3.457736] ra : on_each_cpu_cond_mask+0x1e/0x30
[ 3.457786] epc : ffffffff800b669a ra : ffffffff800b67c2 sp : ff2000000000bb50
[ 3.457824] gp : ffffffff815212b8 tp : ff6000008014f080 t0 : 000000000000003f
[ 3.457859] t1 : ffffffff815221e0 t2 : 000000000000000f s0 : ff2000000000bc10
[ 3.457920] s1 : 0000000000000040 a0 : ffffffff815221e0 a1 : 0000000000000001
[ 3.457953] a2 : 0000000000010000 a3 : 0000000000000003 a4 : 0000000000000000
[ 3.458006] a5 : 0000000000000000 a6 : ffffffffffffffff a7 : 0000000000000000
[ 3.458042] s2 : ffffffff815223be s3 : 00fffffffffff000 s4 : ff600001ffe38fc0
[ 3.458076] s5 : ff600001ff950d00 s6 : 0000000200000120 s7 : 0000000000000001
[ 3.458109] s8 : 0000000000000001 s9 : ff60000080841ef0 s10: 0000000000000001
[ 3.458141] s11: ffffffff81524812 t3 : 0000000000000001 t4 : ff60000080092bc0
[ 3.458172] t5 : 0000000000000000 t6 : ff200000000236d0
[ 3.458203] status: 0000000200000100 badaddr: ffffffff800b669a cause: 0000000000000003
[ 3.458373] [<ffffffff800b669a>] smp_call_function_many_cond+0x452/0x520
[ 3.458593] [<ffffffff800b67c2>] on_each_cpu_cond_mask+0x1e/0x30
[ 3.458625] [<ffffffff8000e4ca>] __flush_tlb_range+0x118/0x1ca
[ 3.458656] [<ffffffff8000e6b2>] flush_tlb_kernel_range+0x1e/0x26
[ 3.458683] [<ffffffff801ea56a>] kfence_protect+0xc0/0xce
[ 3.458717] [<ffffffff801e9456>] kfence_guarded_free+0xc6/0x1c0
[ 3.458742] [<ffffffff801e9d6c>] __kfence_free+0x62/0xc6
[ 3.458764] [<ffffffff801c57d8>] kfree+0x106/0x32c
[ 3.458786] [<ffffffff80588cf2>] detach_buf_split+0x188/0x1a8
[ 3.458816] [<ffffffff8058708c>] virtqueue_get_buf_ctx+0xb6/0x1f6
[ 3.458839] [<ffffffff805871da>] virtqueue_get_buf+0xe/0x16
[ 3.458880] [<ffffffff80613d6a>] virtblk_done+0x5c/0xe2
[ 3.458908] [<ffffffff8058766e>] vring_interrupt+0x6a/0x74
[ 3.458930] [<ffffffff800747d8>] __handle_irq_event_percpu+0x7c/0xe2
[ 3.458956] [<ffffffff800748f0>] handle_irq_event+0x3c/0x86
[ 3.458978] [<ffffffff800786cc>] handle_simple_irq+0x9e/0xbe
[ 3.459004] [<ffffffff80073934>] generic_handle_domain_irq+0x1c/0x2a
[ 3.459027] [<ffffffff804bf87c>] imsic_handle_irq+0xba/0x120
[ 3.459056] [<ffffffff80073934>] generic_handle_domain_irq+0x1c/0x2a
[ 3.459080] [<ffffffff804bdb76>] riscv_intc_aia_irq+0x24/0x34
[ 3.459103] [<ffffffff809d0452>] handle_riscv_irq+0x2e/0x4c
[ 3.459133] [<ffffffff809d923e>] call_on_irq_stack+0x32/0x40

So only flush the local TLB and let the lazy kfence page fault handling deal with the faults which could happen when a core has an old protected pte version cached in its TLB. That leads to potential inaccuracies which can be tolerated when using kfence.
Severity
No CVSS data available.
Assigner
Linux
Impacted products
Vendor  Product  Version
Linux   Linux    Affected: 47513f243b452a5e21180dcf3d6ac1c57e1781a6 , < 6f796a6a396d6f963f2cc8f5edd7dfba2cca097f (git)
                 Affected: 47513f243b452a5e21180dcf3d6ac1c57e1781a6 , < 3abfc4130c4222099c69d023fed97f1180a8ad7b (git)
                 Affected: 47513f243b452a5e21180dcf3d6ac1c57e1781a6 , < b3431a8bb336cece8adc452437befa7d4534b2fd (git)
Linux   Linux    Affected: 5.14
                 Unaffected: 0 , < 5.14 (semver)
                 Unaffected: 6.6.67 , ≤ 6.6.* (semver)
                 Unaffected: 6.12.6 , ≤ 6.12.* (semver)
                 Unaffected: 6.13 , ≤ * (original_commit_for_fix)

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/riscv/include/asm/kfence.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6f796a6a396d6f963f2cc8f5edd7dfba2cca097f",
              "status": "affected",
              "version": "47513f243b452a5e21180dcf3d6ac1c57e1781a6",
              "versionType": "git"
            },
            {
              "lessThan": "3abfc4130c4222099c69d023fed97f1180a8ad7b",
              "status": "affected",
              "version": "47513f243b452a5e21180dcf3d6ac1c57e1781a6",
              "versionType": "git"
            },
            {
              "lessThan": "b3431a8bb336cece8adc452437befa7d4534b2fd",
              "status": "affected",
              "version": "47513f243b452a5e21180dcf3d6ac1c57e1781a6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/riscv/include/asm/kfence.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.67",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.67",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.6",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix IPIs usage in kfence_protect_page()\n\nflush_tlb_kernel_range() may use IPIs to flush the TLBs of all the\ncores, which triggers the following warning when the irqs are disabled:\n\n[    3.455330] WARNING: CPU: 1 PID: 0 at kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520\n[    3.456647] Modules linked in:\n[    3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-00010-g91d3de7240b8 #1\n[    3.457416] Hardware name: QEMU QEMU Virtual Machine, BIOS\n[    3.457633] epc : smp_call_function_many_cond+0x452/0x520\n[    3.457736]  ra : on_each_cpu_cond_mask+0x1e/0x30\n[    3.457786] epc : ffffffff800b669a ra : ffffffff800b67c2 sp : ff2000000000bb50\n[    3.457824]  gp : ffffffff815212b8 tp : ff6000008014f080 t0 : 000000000000003f\n[    3.457859]  t1 : ffffffff815221e0 t2 : 000000000000000f s0 : ff2000000000bc10\n[    3.457920]  s1 : 0000000000000040 a0 : ffffffff815221e0 a1 : 0000000000000001\n[    3.457953]  a2 : 0000000000010000 a3 : 0000000000000003 a4 : 0000000000000000\n[    3.458006]  a5 : 0000000000000000 a6 : ffffffffffffffff a7 : 0000000000000000\n[    3.458042]  s2 : ffffffff815223be s3 : 00fffffffffff000 s4 : ff600001ffe38fc0\n[    3.458076]  s5 : ff600001ff950d00 s6 : 0000000200000120 s7 : 0000000000000001\n[    3.458109]  s8 : 0000000000000001 s9 : ff60000080841ef0 s10: 0000000000000001\n[    3.458141]  s11: ffffffff81524812 t3 : 0000000000000001 t4 : ff60000080092bc0\n[    3.458172]  t5 : 0000000000000000 t6 : ff200000000236d0\n[    3.458203] status: 0000000200000100 badaddr: ffffffff800b669a cause: 0000000000000003\n[    3.458373] [\u003cffffffff800b669a\u003e] smp_call_function_many_cond+0x452/0x520\n[    3.458593] [\u003cffffffff800b67c2\u003e] on_each_cpu_cond_mask+0x1e/0x30\n[    3.458625] [\u003cffffffff8000e4ca\u003e] __flush_tlb_range+0x118/0x1ca\n[    3.458656] [\u003cffffffff8000e6b2\u003e] 
flush_tlb_kernel_range+0x1e/0x26\n[    3.458683] [\u003cffffffff801ea56a\u003e] kfence_protect+0xc0/0xce\n[    3.458717] [\u003cffffffff801e9456\u003e] kfence_guarded_free+0xc6/0x1c0\n[    3.458742] [\u003cffffffff801e9d6c\u003e] __kfence_free+0x62/0xc6\n[    3.458764] [\u003cffffffff801c57d8\u003e] kfree+0x106/0x32c\n[    3.458786] [\u003cffffffff80588cf2\u003e] detach_buf_split+0x188/0x1a8\n[    3.458816] [\u003cffffffff8058708c\u003e] virtqueue_get_buf_ctx+0xb6/0x1f6\n[    3.458839] [\u003cffffffff805871da\u003e] virtqueue_get_buf+0xe/0x16\n[    3.458880] [\u003cffffffff80613d6a\u003e] virtblk_done+0x5c/0xe2\n[    3.458908] [\u003cffffffff8058766e\u003e] vring_interrupt+0x6a/0x74\n[    3.458930] [\u003cffffffff800747d8\u003e] __handle_irq_event_percpu+0x7c/0xe2\n[    3.458956] [\u003cffffffff800748f0\u003e] handle_irq_event+0x3c/0x86\n[    3.458978] [\u003cffffffff800786cc\u003e] handle_simple_irq+0x9e/0xbe\n[    3.459004] [\u003cffffffff80073934\u003e] generic_handle_domain_irq+0x1c/0x2a\n[    3.459027] [\u003cffffffff804bf87c\u003e] imsic_handle_irq+0xba/0x120\n[    3.459056] [\u003cffffffff80073934\u003e] generic_handle_domain_irq+0x1c/0x2a\n[    3.459080] [\u003cffffffff804bdb76\u003e] riscv_intc_aia_irq+0x24/0x34\n[    3.459103] [\u003cffffffff809d0452\u003e] handle_riscv_irq+0x2e/0x4c\n[    3.459133] [\u003cffffffff809d923e\u003e] call_on_irq_stack+0x32/0x40\n\nSo only flush the local TLB and let the lazy kfence page fault handling\ndeal with the faults which could happen when a core has an old protected\npte version cached in its TLB. That leads to potential inaccuracies which\ncan be tolerated when using kfence."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:56:56.259Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6f796a6a396d6f963f2cc8f5edd7dfba2cca097f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3abfc4130c4222099c69d023fed97f1180a8ad7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3431a8bb336cece8adc452437befa7d4534b2fd"
        }
      ],
      "title": "riscv: Fix IPIs usage in kfence_protect_page()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53687",
    "datePublished": "2025-01-11T12:29:50.589Z",
    "dateReserved": "2025-01-09T09:49:29.686Z",
    "dateUpdated": "2025-05-04T09:56:56.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nriscv: Fix IPIs usage in kfence_protect_page()\\n\\nflush_tlb_kernel_range() may use IPIs to flush the TLBs of all the\\ncores, which triggers the following warning when the irqs are disabled:\\n\\n[    3.455330] WARNING: CPU: 1 PID: 0 at kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520\\n[    3.456647] Modules linked in:\\n[    3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-00010-g91d3de7240b8 #1\\n[    3.457416] Hardware name: QEMU QEMU Virtual Machine, BIOS\\n[    3.457633] epc : smp_call_function_many_cond+0x452/0x520\\n[    3.457736]  ra : on_each_cpu_cond_mask+0x1e/0x30\\n[    3.457786] epc : ffffffff800b669a ra : ffffffff800b67c2 sp : ff2000000000bb50\\n[    3.457824]  gp : ffffffff815212b8 tp : ff6000008014f080 t0 : 000000000000003f\\n[    3.457859]  t1 : ffffffff815221e0 t2 : 000000000000000f s0 : ff2000000000bc10\\n[    3.457920]  s1 : 0000000000000040 a0 : ffffffff815221e0 a1 : 0000000000000001\\n[    3.457953]  a2 : 0000000000010000 a3 : 0000000000000003 a4 : 0000000000000000\\n[    3.458006]  a5 : 0000000000000000 a6 : ffffffffffffffff a7 : 0000000000000000\\n[    3.458042]  s2 : ffffffff815223be s3 : 00fffffffffff000 s4 : ff600001ffe38fc0\\n[    3.458076]  s5 : ff600001ff950d00 s6 : 0000000200000120 s7 : 0000000000000001\\n[    3.458109]  s8 : 0000000000000001 s9 : ff60000080841ef0 s10: 0000000000000001\\n[    3.458141]  s11: ffffffff81524812 t3 : 0000000000000001 t4 : ff60000080092bc0\\n[    3.458172]  t5 : 0000000000000000 t6 : ff200000000236d0\\n[    3.458203] status: 0000000200000100 badaddr: ffffffff800b669a cause: 0000000000000003\\n[    3.458373] [\u003cffffffff800b669a\u003e] smp_call_function_many_cond+0x452/0x520\\n[    3.458593] [\u003cffffffff800b67c2\u003e] on_each_cpu_cond_mask+0x1e/0x30\\n[    3.458625] [\u003cffffffff8000e4ca\u003e] __flush_tlb_range+0x118/0x1ca\\n[    3.458656] 
[\u003cffffffff8000e6b2\u003e] flush_tlb_kernel_range+0x1e/0x26\\n[    3.458683] [\u003cffffffff801ea56a\u003e] kfence_protect+0xc0/0xce\\n[    3.458717] [\u003cffffffff801e9456\u003e] kfence_guarded_free+0xc6/0x1c0\\n[    3.458742] [\u003cffffffff801e9d6c\u003e] __kfence_free+0x62/0xc6\\n[    3.458764] [\u003cffffffff801c57d8\u003e] kfree+0x106/0x32c\\n[    3.458786] [\u003cffffffff80588cf2\u003e] detach_buf_split+0x188/0x1a8\\n[    3.458816] [\u003cffffffff8058708c\u003e] virtqueue_get_buf_ctx+0xb6/0x1f6\\n[    3.458839] [\u003cffffffff805871da\u003e] virtqueue_get_buf+0xe/0x16\\n[    3.458880] [\u003cffffffff80613d6a\u003e] virtblk_done+0x5c/0xe2\\n[    3.458908] [\u003cffffffff8058766e\u003e] vring_interrupt+0x6a/0x74\\n[    3.458930] [\u003cffffffff800747d8\u003e] __handle_irq_event_percpu+0x7c/0xe2\\n[    3.458956] [\u003cffffffff800748f0\u003e] handle_irq_event+0x3c/0x86\\n[    3.458978] [\u003cffffffff800786cc\u003e] handle_simple_irq+0x9e/0xbe\\n[    3.459004] [\u003cffffffff80073934\u003e] generic_handle_domain_irq+0x1c/0x2a\\n[    3.459027] [\u003cffffffff804bf87c\u003e] imsic_handle_irq+0xba/0x120\\n[    3.459056] [\u003cffffffff80073934\u003e] generic_handle_domain_irq+0x1c/0x2a\\n[    3.459080] [\u003cffffffff804bdb76\u003e] riscv_intc_aia_irq+0x24/0x34\\n[    3.459103] [\u003cffffffff809d0452\u003e] handle_riscv_irq+0x2e/0x4c\\n[    3.459133] [\u003cffffffff809d923e\u003e] call_on_irq_stack+0x32/0x40\\n\\nSo only flush the local TLB and let the lazy kfence page fault handling\\ndeal with the faults which could happen when a core has an old protected\\npte version cached in its TLB. That leads to potential inaccuracies which\\ncan be tolerated when using kfence.\"}]",
      "id": "CVE-2024-53687",
      "lastModified": "2025-01-11T13:15:26.120",
      "published": "2025-01-11T13:15:26.120",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/3abfc4130c4222099c69d023fed97f1180a8ad7b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/6f796a6a396d6f963f2cc8f5edd7dfba2cca097f\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/b3431a8bb336cece8adc452437befa7d4534b2fd\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Received"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-53687\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-01-11T13:15:26.120\",\"lastModified\":\"2025-10-15T20:46:50.773\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nriscv: Fix IPIs usage in kfence_protect_page()\\n\\nflush_tlb_kernel_range() may use IPIs to flush the TLBs of all the\\ncores, which triggers the following warning when the irqs are disabled:\\n\\n[    3.455330] WARNING: CPU: 1 PID: 0 at kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520\\n[    3.456647] Modules linked in:\\n[    3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-00010-g91d3de7240b8 #1\\n[    3.457416] Hardware name: QEMU QEMU Virtual Machine, BIOS\\n[    3.457633] epc : smp_call_function_many_cond+0x452/0x520\\n[    3.457736]  ra : on_each_cpu_cond_mask+0x1e/0x30\\n[    3.457786] epc : ffffffff800b669a ra : ffffffff800b67c2 sp : ff2000000000bb50\\n[    3.457824]  gp : ffffffff815212b8 tp : ff6000008014f080 t0 : 000000000000003f\\n[    3.457859]  t1 : ffffffff815221e0 t2 : 000000000000000f s0 : ff2000000000bc10\\n[    3.457920]  s1 : 0000000000000040 a0 : ffffffff815221e0 a1 : 0000000000000001\\n[    3.457953]  a2 : 0000000000010000 a3 : 0000000000000003 a4 : 0000000000000000\\n[    3.458006]  a5 : 0000000000000000 a6 : ffffffffffffffff a7 : 0000000000000000\\n[    3.458042]  s2 : ffffffff815223be s3 : 00fffffffffff000 s4 : ff600001ffe38fc0\\n[    3.458076]  s5 : ff600001ff950d00 s6 : 0000000200000120 s7 : 0000000000000001\\n[    3.458109]  s8 : 0000000000000001 s9 : ff60000080841ef0 s10: 0000000000000001\\n[    3.458141]  s11: ffffffff81524812 t3 : 0000000000000001 t4 : ff60000080092bc0\\n[    3.458172]  t5 : 0000000000000000 t6 : ff200000000236d0\\n[    3.458203] status: 0000000200000100 badaddr: ffffffff800b669a cause: 0000000000000003\\n[    3.458373] 
[\u003cffffffff800b669a\u003e] smp_call_function_many_cond+0x452/0x520\\n[    3.458593] [\u003cffffffff800b67c2\u003e] on_each_cpu_cond_mask+0x1e/0x30\\n[    3.458625] [\u003cffffffff8000e4ca\u003e] __flush_tlb_range+0x118/0x1ca\\n[    3.458656] [\u003cffffffff8000e6b2\u003e] flush_tlb_kernel_range+0x1e/0x26\\n[    3.458683] [\u003cffffffff801ea56a\u003e] kfence_protect+0xc0/0xce\\n[    3.458717] [\u003cffffffff801e9456\u003e] kfence_guarded_free+0xc6/0x1c0\\n[    3.458742] [\u003cffffffff801e9d6c\u003e] __kfence_free+0x62/0xc6\\n[    3.458764] [\u003cffffffff801c57d8\u003e] kfree+0x106/0x32c\\n[    3.458786] [\u003cffffffff80588cf2\u003e] detach_buf_split+0x188/0x1a8\\n[    3.458816] [\u003cffffffff8058708c\u003e] virtqueue_get_buf_ctx+0xb6/0x1f6\\n[    3.458839] [\u003cffffffff805871da\u003e] virtqueue_get_buf+0xe/0x16\\n[    3.458880] [\u003cffffffff80613d6a\u003e] virtblk_done+0x5c/0xe2\\n[    3.458908] [\u003cffffffff8058766e\u003e] vring_interrupt+0x6a/0x74\\n[    3.458930] [\u003cffffffff800747d8\u003e] __handle_irq_event_percpu+0x7c/0xe2\\n[    3.458956] [\u003cffffffff800748f0\u003e] handle_irq_event+0x3c/0x86\\n[    3.458978] [\u003cffffffff800786cc\u003e] handle_simple_irq+0x9e/0xbe\\n[    3.459004] [\u003cffffffff80073934\u003e] generic_handle_domain_irq+0x1c/0x2a\\n[    3.459027] [\u003cffffffff804bf87c\u003e] imsic_handle_irq+0xba/0x120\\n[    3.459056] [\u003cffffffff80073934\u003e] generic_handle_domain_irq+0x1c/0x2a\\n[    3.459080] [\u003cffffffff804bdb76\u003e] riscv_intc_aia_irq+0x24/0x34\\n[    3.459103] [\u003cffffffff809d0452\u003e] handle_riscv_irq+0x2e/0x4c\\n[    3.459133] [\u003cffffffff809d923e\u003e] call_on_irq_stack+0x32/0x40\\n\\nSo only flush the local TLB and let the lazy kfence page fault handling\\ndeal with the faults which could happen when a core has an old protected\\npte version cached in its TLB. 
That leads to potential inaccuracies which\\ncan be tolerated when using kfence.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: Se corrige el uso de IPI en kfence_protect_page(). flush_tlb_kernel_range() puede usar IPI para vaciar las TLB de todos los n\u00facleos, lo que activa la siguiente advertencia cuando las irq est\u00e1n deshabilitadas: [ 3.455330] ADVERTENCIA: CPU: 1 PID: 0 en kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520 [ 3.456647] M\u00f3dulos vinculados en: [ 3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 No contaminado 6.12.0-rc7-00010-g91d3de7240b8 #1 [ 3.457416] Nombre del hardware: QEMU QEMU Virtual Machine, BIOS [ 3.457633] epc : funci\u00f3n_llamada_smp_muchas_cond+0x452/0x520 [ 3.457736] ra : en_cada_m\u00e1scara_cond_de_cpu+0x1e/0x30 [ 3.457786] epc : ffffffff800b669a ra : ffffffff800b67c2 sp : ff2000000000bb50 [ 3.457824] gp : ffffffff815212b8 tp : ff6000008014f080 t0 : 000000000000003f [ 3.457859] t1 : ffffffff815221e0 t2 : 000000000000000f s0: ff2000000000bc10 [3.457920] s1: 0000000000000040 a0: ffffffff815221e0 a1: 0000000000000001 [3.457953] a2 : 0000000000010000 a3 : 0000000000000003 a4 : 0000000000000000 [ 3.458006] a5 : 00000000000000000 a6 : ffffffffffffffff a7 : 0000000000000000 [ 3.458042] s2 : ffffffff815223be s3 : 00fffffffffff000 s4 : ff600001ffe38fc0 [ 3.458076] s5 : ff600001ff950d00 s6 : 0000000200000120 s7: 00000000000000001 [3.458109] s8: 0000000000000001 s9: ff60000080841ef0 s10: 0000000000000001 [ 3.458141] t11: ffffffff81524812 t3 : 0000000000000001 t4 : ff60000080092bc0 [ 3.458172] t5 : 0000000000000000 t6 : ff200000000236d0 [ 3.458203] estado: 0000000200000100 direcci\u00f3n incorrecta: ffffffff800b669a causa: 0000000000000003 [ 3.458373] [] funci\u00f3n_llamada_smp_muchas_cond+0x452/0x520 [ 3.458593] [] en cada m\u00e1scara de condici\u00f3n de CPU+0x1e/0x30 [ 3.458625] [] __flush_tlb_range+0x118/0x1ca [ 3.458656] [] flush_tlb_kernel_range+0x1e/0x26 [ 
3.458683] [] kfence_protect+0xc0/0xce [ 3.458717] [] kfence_guarded_free+0xc6/0x1c0 [ 3.458742] [] __kfence_free+0x62/0xc6 [ 3.458764] [] kfree+0x106/0x32c [ 3.458786] [] detach_buf_split+0x188/0x1a8 [ 3.458816] [] virtqueue_get_buf_ctx+0xb6/0x1f6 [ 3.458839] [] virtqueue_get_buf+0xe/0x16 [ 3.458880] [] virtblk_done+0x5c/0xe2 [ 3.458908] [] interrupci\u00f3n_de_vring+0x6a/0x74 [ 3.458930] [] __controlador_de_evento_irq_percpu+0x7c/0xe2 [ 3.458956] [] control_de_evento_irq+0x3c/0x86 [ 3.458978] [] control_de_irq_simple+0x9e/0xbe [ 3.459004] [] control_de_dominio_gen\u00e9rico_irq+0x1c/0x2a [ 3.459027] [] imsic_handle_irq+0xba/0x120 [ 3.459056] [] generic_handle_domain_irq+0x1c/0x2a [ 3.459080] [] riscv_intc_aia_irq+0x24/0x34 [ 3.459103] [] handle_riscv_irq+0x2e/0x4c [ 3.459133] [] call_on_irq_stack+0x32/0x40 Por lo tanto, solo limpie la TLB local y deje que la gesti\u00f3n de errores de p\u00e1gina de kfence se ocupe de los errores que podr\u00edan Esto ocurre cuando un n\u00facleo tiene una versi\u00f3n antigua de PTE protegida almacenada en cach\u00e9 en su TLB. 
Esto genera posibles imprecisiones que pueden tolerarse al usar kfence.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.14\",\"versionEndExcluding\":\"6.6.67\",\"matchCriteriaId\":\"FE6300B6-140B-4F5A-A166-3E062B8CA657\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.6\",\"matchCriteriaId\":\"0CB1A9BB-F95E-43DD-A2FD-147912FD91E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A073481-106D-4B15-B4C7-FB0213B8E1D4\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3abfc4130c4222099c69d023fed97f1180a8ad7b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6f796a6a396d6f963f2cc8f5edd7dfba2cca097f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b3431a8bb336cece8adc452437befa7d4534b2fd\",\"source\":\"416baaa9-dc9f-4396-8d5
f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}

