CVE-2024-38667
Severity CVSS v4.0: Pending analysis
Type: CWE-787 (Out-of-bounds Write)
Publication date: 24/06/2024
Last modified: 30/05/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

riscv: prevent pt_regs corruption for secondary idle threads

The top of the kernel thread stack should be reserved for pt_regs. However,
this is not the case for the idle threads of the secondary boot harts.
Their stacks overlap with their pt_regs, so both may get corrupted.

A similar issue has been fixed for the primary hart, see c7cdd96eca28
("riscv: prevent stack corruption by reserving task_pt_regs(p) early").
However, that fix was not propagated to the secondary harts. The problem
has been noticed in some CPU hotplug tests with V enabled. The function
smp_callin stored several registers on the stack, corrupting the top of the pt_regs
structure, including the status field. As a result, the kernel attempted to save
or restore a nonexistent V context.
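The overlap described above, as a constructed model in C (added here; not Linux kernel code, and not the upstream fix): a thread stack page whose top holds pt_regs, with the idle thread's initial stack pointer placed either at the very top of the page (the overlapping layout) or just below pt_regs (the reserved layout). The struct layout, THREAD_SIZE and the sentinel value are assumptions chosen only to make the corruption observable.

```c
/* Constructed model of a kernel thread stack whose top is reserved for
 * pt_regs. Not Linux code; names mirror task_pt_regs()/THREAD_SIZE loosely. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define THREAD_SIZE 4096u
#define STATUS_SENTINEL 0x8000000000006000ull /* constructed marker value */

/* Simplified pt_regs: only enough fields to show the overlap. */
struct pt_regs {
    uint64_t epc;
    uint64_t ra;
    uint64_t sp;
    uint64_t status; /* the field the advisory says was corrupted */
    uint64_t cause;
};

/* Like the kernel's task_pt_regs(): pt_regs lives at the top of the stack page. */
static struct pt_regs *task_pt_regs(uint8_t *stack_page)
{
    return (struct pt_regs *)(stack_page + THREAD_SIZE - sizeof(struct pt_regs));
}

/* Models smp_callin saving n_regs registers on a downward-growing stack,
 * starting from the idle thread's initial stack pointer `sp`. */
static void push_regs(uint8_t *sp, unsigned n_regs)
{
    for (unsigned i = 0; i < n_regs; i++)
        memset(sp - 8u * (i + 1), 0xAA, 8); /* constructed register contents */
}

/* Returns true if pt_regs.status survives the pushes.
 * reserve_pt_regs == false: sp starts at the top of the page (stack and
 *                           pt_regs overlap, as for the secondary idle threads).
 * reserve_pt_regs == true : sp starts at task_pt_regs(), so pt_regs is reserved. */
bool status_survives(bool reserve_pt_regs, unsigned n_regs)
{
    static uint8_t stack_page[THREAD_SIZE] __attribute__((aligned(16)));
    struct pt_regs *regs = task_pt_regs(stack_page);

    memset(stack_page, 0, sizeof stack_page);
    regs->status = STATUS_SENTINEL;

    uint8_t *sp = reserve_pt_regs ? (uint8_t *)regs : stack_page + THREAD_SIZE;
    push_regs(sp, n_regs);

    return regs->status == STATUS_SENTINEL;
}
```

With the overlapping layout, the second 8-byte push already lands on `status`; with pt_regs reserved, no number of pushes that fits in the page reaches it.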
Impact
Base Score 3.x: 7.80
Severity 3.x: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.7 (including) | 6.1.93 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.33 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0c1f28c32a194303da630fca89481334b9547b80
- https://git.kernel.org/stable/c/3090c06d50eaa91317f84bf3eac4c265e6cb8d44
- https://git.kernel.org/stable/c/a638b0461b58aa3205cd9d5f14d6f703d795b4af
- https://git.kernel.org/stable/c/ea22d4195cca13d5fdbc4d6555a2dfb8a7867a9e