CVE-2024-40953
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-40953
CVE Details
| Release Date: | 2024-07-12 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nKVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()\nUse {READ,WRITE}_ONCE() to access kvm->last_boosted_vcpu to ensure the\nloads and stores are atomic. In the extremely unlikely scenario the\ncompiler tears the stores, it's theoretically possible for KVM to attempt\nto get a vCPU using an out-of-bounds index, e.g. if the write is split\ninto multiple 8-bit stores, and is paired with a 32-bit load on a VM with\n257 vCPUs:\nCPU0 CPU1\nlast_boosted_vcpu = 0xff;\n(last_boosted_vcpu = 0x100)\nlast_boosted_vcpu[15:8] = 0x01;\ni = (last_boosted_vcpu = 0x1ff)\nlast_boosted_vcpu[7:0] = 0x00;\nvcpu = kvm->vcpu_array[0x1ff];\nAs detected by KCSAN:\nBUG: KCSAN: data-race in kvm_vcpu_on_spin [kvm] / kvm_vcpu_on_spin [kvm]\nwrite to 0xffffc90025a92344 of 4 bytes by task 4340 on cpu 16:\nkvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4112) kvm\nhandle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\nvmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\narch/x86/kvm/vmx/vmx.c:6606) kvm_intel\nvcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\nkvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\nkvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n__se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n__x64_sys_ioctl (fs/ioctl.c:890)\nx64_sys_call (arch/x86/entry/syscall_64.c:33)\ndo_syscall_64 (arch/x86/entry/common.c:?)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nread to 0xffffc90025a92344 of 4 bytes by task 4342 on cpu 4:\nkvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4069) kvm\nhandle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\nvmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\narch/x86/kvm/vmx/vmx.c:6606) kvm_intel\nvcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\nkvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\nkvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n__se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n__x64_sys_ioctl (fs/ioctl.c:890)\nx64_sys_call (arch/x86/entry/syscall_64.c:33)\ndo_syscall_64 (arch/x86/entry/common.c:?)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nvalue changed: 0x00000012 -> 0x00000000
See more information about CVE-2024-40953 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
CVSS v3 metrics
| Base Score: | 4.7 |
| Vector String: | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Version: | 3.1 |
| Attack Vector: | Local |
| Attack Complexity: | High |
| Privileges Required: | Low |
| User Interaction: | None |
| Scope: | Unchanged |
| Confidentiality: | None |
| Integrity: | None |
| Availability: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12884 | 2024-12-16 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12884 | 2024-12-16 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12887 | 2024-12-18 |
| Oracle Linux version 9 (kernel-uek) | ELSA-2024-12887 | 2024-12-18 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
