ghsa-cx75-fvjc-vvr8
Vulnerability from github
Published
2024-09-18 09:30
Modified
2024-11-20 21:30
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/tdx: Fix data leak in mmio_read()

The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM.

Sean noticed that mmio_read() unintentionally exposes the value of an initialized variable (val) on the stack to the VMM.

This variable is only needed as an output value. It did not need to be passed to the VMM in the first place.

Do not send the original value of *val to the VMM.

[ dhansen: clarify what 'val' is used for. ]

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-46794"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-18T08:15:06Z",
    "severity": "LOW"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what \u0027val\u0027 is used for. ]",
  "id": "GHSA-cx75-fvjc-vvr8",
  "modified": "2024-11-20T21:30:48Z",
  "published": "2024-09-18T09:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46794"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.