CVE-2023-53647
Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 07/10/2025
Last modified: 03/02/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

Drivers: hv: vmbus: Don't dereference ACPI root object handle

Since the commit referenced in the Fixes: tag below the VMBus client driver
is walking the ACPI namespace up from the VMBus ACPI device to the ACPI
namespace root object trying to find Hyper-V MMIO ranges.

However, if it is not able to find them it ends up trying to walk resources of
the ACPI namespace root object itself.
This object has all-ones handle, which causes a NULL pointer dereference
in the ACPI code (from dereferencing this pointer with an offset).

This in turn causes an oops on boot with VMBus host implementations that do
not provide Hyper-V MMIO ranges in their VMBus ACPI device or its
ancestors.
The QEMU VMBus implementation is an example of such an implementation.

I guess providing these ranges is optional, since all tested Windows
versions seem to be able to use VMBus devices without them.

Fix this by explicitly terminating the lookup at the ACPI namespace root
object.

Note that Linux guests under KVM/QEMU do not use the Hyper-V PV interface
by default - they only do so if the KVM PV interface is missing or
disabled.

Example stack trace of such oops:
```
[ 3.710827] ? __die+0x1f/0x60
[ 3.715030] ? page_fault_oops+0x159/0x460
[ 3.716008] ? exc_page_fault+0x73/0x170
[ 3.716959] ? asm_exc_page_fault+0x22/0x30
[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0
[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0
[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0
[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200
[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0
[ 3.723559] ? down_timeout+0x3a/0x60
[ 3.724455] ? acpi_ns_get_node+0x3a/0x60
[ 3.725412] acpi_ns_get_node+0x3a/0x60
[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0
[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0
[ 3.728400] acpi_rs_get_method_data+0x2b/0x70
[ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]
[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]
[ 3.732411] acpi_walk_resources+0x78/0xd0
[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]
[ 3.734802] platform_probe+0x3d/0x90
[ 3.735684] really_probe+0x19b/0x400
[ 3.736570] ? __device_attach_driver+0x100/0x100
[ 3.737697] __driver_probe_device+0x78/0x160
[ 3.738746] driver_probe_device+0x1f/0x90
[ 3.739743] __driver_attach+0xc2/0x1b0
[ 3.740671] bus_for_each_dev+0x70/0xc0
[ 3.741601] bus_add_driver+0x10e/0x210
[ 3.742527] driver_register+0x55/0xf0
[ 3.744412] ? 0xffffffffc039a000
[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]
```
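
The ancestor lookup described in the commit message above, modeled in user space as an added example; it is not the kernel's code or the actual patch. All `model_*` names and `MODEL_ROOT_HANDLE` are hypothetical, and the constructed topology assumes a root object, one intermediate bus and the VMBus device.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the all-ones handle of the namespace root. */
#define MODEL_ROOT_HANDLE ((void *)UINTPTR_MAX)

struct model_dev {
    void *handle;                   /* opaque handle; root holds the sentinel */
    const struct model_dev *parent; /* NULL above the root */
    int has_mmio;                   /* 1 if this node advertises MMIO ranges */
};

/* Stand-in for the resource walk: returns -1 where real code would fault. */
static int model_walk_resources(const struct model_dev *d)
{
    if (d->handle == MODEL_ROOT_HANDLE)
        return -1;
    return d->has_mmio;
}

/* Search the device and its ancestors; stop_at_root: 0 = unpatched, 1 = patched.
 * Returns 1 = found, 0 = not found, -1 = walk reached the root sentinel. */
int model_find_mmio(const struct model_dev *dev, int stop_at_root)
{
    for (const struct model_dev *a = dev; a; a = a->parent) {
        if (stop_at_root && a->handle == MODEL_ROOT_HANDLE)
            break;                  /* terminate the lookup at the root */
        int r = model_walk_resources(a);
        if (r != 0)
            return r;
    }
    return 0;
}

/* Constructed topology: root <- bus <- vmbus device. */
int model_case(int bus_has_mmio, int stop_at_root)
{
    int h_bus, h_vmbus;             /* their addresses serve as valid handles */
    struct model_dev root  = { MODEL_ROOT_HANDLE, NULL, 0 };
    struct model_dev bus   = { &h_bus, &root, bus_has_mmio };
    struct model_dev vmbus = { &h_vmbus, &bus, 0 };
    return model_find_mmio(&vmbus, stop_at_root);
}

int main(void)
{
    printf("unpatched=%d patched=%d\n", model_case(0, 0), model_case(0, 1));
    return 0;
}
```

When an ancestor does advertise MMIO ranges, both variants return before reaching the root, which matches the advisory's statement that only hosts without those ranges hit the oops.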
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.3 (including) | 6.1.53 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.4.16 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.5 (including) | 6.5.3 (excluding) |



