CVE-2024-53135

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/12/2024
Last modified:
14/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad bugs in the implementation, some of which are fatal to the guest, and others which put the stability and health of the host at risk.

For guest fatalities, the most glaring issue is that KVM fails to ensure tracing is disabled, and *stays* disabled prior to VM-Enter, which is necessary as hardware disallows loading (the guest's) RTIT_CTL if tracing is enabled (enforced via a VMX consistency check). Per the SDM:

If the logical processor is operating with Intel PT enabled (if IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the "load IA32_RTIT_CTL" VM-entry control must be 0.

On the host side, KVM doesn't validate the guest CPUID configuration provided by userspace, and even worse, uses the guest configuration to decide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring guest CPUID to enumerate more address ranges than are supported in hardware will result in KVM trying to passthrough, save, and load non-existent MSRs, which generates a variety of WARNs, ToPA ERRORs in the host, a potential deadlock, etc.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.0 (including) 6.1.119 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.63 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.11.10 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*
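A host-side exposure check, added here and not part of the advisory or of the kernel patch: it matches a running kernel version against the version ranges in the table above and reads kvm_intel's pt_mode parameter, since the description says the fix only disables the guest/host mode of Intel PT virtualization. The sysfs path /sys/module/kvm_intel/parameters/pt_mode and the meaning of its values (0 = system mode, 1 = guest/host mode) are assumptions, not stated on this page.

```python
"""Added exposure check for CVE-2024-53135 on a KVM host. Assumed (not in the
advisory): kvm_intel exports pt_mode at /sys/module/kvm_intel/parameters/pt_mode,
where 0 is system mode (default) and 1 is the guest/host mode the fix disables."""
import os
import re
from pathlib import Path

# Vulnerable ranges from the advisory's CPE table: from (inclusive), up to (exclusive).
# The listed 6.12 release candidates rc1..rc7 are expressed as one rc range.
AFFECTED_RANGES = [
    ("5.0", "6.1.119"),
    ("6.2", "6.6.63"),
    ("6.7", "6.11.10"),
    ("6.12-rc1", "6.12-rc8"),
]
PT_MODE_SYSFS = Path("/sys/module/kvm_intel/parameters/pt_mode")  # assumed path

def parse_version(ver):
    """Map '6.11.10', '6.12-rc3' or a uname -r string such as '6.8.0-45-generic'
    to a comparable tuple; a release candidate sorts below its final release."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", ver)
    if not m:
        raise ValueError(f"unrecognised kernel version: {ver!r}")
    major, minor, patch, rc = m.groups()
    rc_key = int(rc) - 100 if rc else 0  # rcN -> negative, final release -> 0
    return (int(major), int(minor), int(patch or 0), rc_key)

def kernel_is_affected(ver):
    """True when the kernel version lies inside any vulnerable range."""
    v = parse_version(ver)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)

def pt_guest_host_mode(pt_mode_text):
    """True when kvm_intel's pt_mode parameter selects guest/host mode (1)."""
    return pt_mode_text.strip() == "1"

def host_exposed(ver, pt_mode_text):
    """Exposed only on an unfixed kernel with guest/host mode selected; the fix
    leaves system mode (pt_mode=0) available, so that configuration is not flagged."""
    return kernel_is_affected(ver) and pt_guest_host_mode(pt_mode_text)

if __name__ == "__main__":
    release = os.uname().release
    if not PT_MODE_SYSFS.exists():
        print(f"{release}: kvm_intel not loaded, pt_mode parameter absent")
    else:
        mode = PT_MODE_SYSFS.read_text()
        verdict = "EXPOSED" if host_exposed(release, mode) else "not exposed"
        print(f"{release}: pt_mode={mode.strip()} -> {verdict}")
```

Distribution kernels that backported the fix keep an older version string, so treat a match here as a prompt to check the vendor's changelog rather than as proof of exposure.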