CVE-2024-44948

CVE Details

Release Date:

2024-09-04

Description

In the Linux kernel, the following vulnerability has been resolved:\nx86/mtrr: Check if fixed MTRRs exist before saving them\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP. The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\nAdd the missing capability check to prevent this.

See more information about CVE-2024-44948 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	5.5
Vector String:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version:	3.1
Attack Vector:	Local
Attack Complexity:	Low
Privileges Required:	Low
User Interaction:	None
Scope:	Unchanged
Confidentiality:	None
Integrity:	None
Availability:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12780	2024-10-11
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12782	2024-10-14
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12868	2024-12-06
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12780	2024-10-11
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12782	2024-10-14
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12815	2024-11-11
Oracle Linux version 9 (kernel-uek)	ELSA-2024-12815	2024-11-11