CVE-2024-35995

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ACPI: CPPC: Use access_width over bit_width for system memory accesses<br /> <br /> To align with ACPI 6.3+, since bit_width can be any 8-bit value, it<br /> cannot be depended on to be always on a clean 8b boundary. This was<br /> uncovered on the Cobalt 100 platform.<br /> <br /> SError Interrupt on CPU26, code 0xbe000011 -- SError<br /> CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1<br /> Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION<br /> pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)<br /> pc : cppc_get_perf_caps+0xec/0x410<br /> lr : cppc_get_perf_caps+0xe8/0x410<br /> sp : ffff8000155ab730<br /> x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078<br /> x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff<br /> x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000<br /> x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff<br /> x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008<br /> x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006<br /> x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec<br /> x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028<br /> x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff<br /> x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000<br /> Kernel panic - not syncing: Asynchronous SError Interrupt<br /> CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted<br /> 5.15.2.1-13 #1<br /> Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION<br /> Call trace:<br /> dump_backtrace+0x0/0x1e0<br /> show_stack+0x24/0x30<br /> dump_stack_lvl+0x8c/0xb8<br /> dump_stack+0x18/0x34<br /> panic+0x16c/0x384<br /> add_taint+0x0/0xc0<br /> arm64_serror_panic+0x7c/0x90<br /> arm64_is_fatal_ras_serror+0x34/0xa4<br /> do_serror+0x50/0x6c<br /> el1h_64_error_handler+0x40/0x74<br /> el1h_64_error+0x7c/0x80<br /> cppc_get_perf_caps+0xec/0x410<br /> cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]<br /> cpufreq_online+0x2dc/0xa30<br /> cpufreq_add_dev+0xc0/0xd4<br /> subsys_interface_register+0x134/0x14c<br /> cpufreq_register_driver+0x1b0/0x354<br /> cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]<br /> do_one_initcall+0x50/0x250<br /> do_init_module+0x60/0x27c<br /> load_module+0x2300/0x2570<br /> __do_sys_finit_module+0xa8/0x114<br /> __arm64_sys_finit_module+0x2c/0x3c<br /> invoke_syscall+0x78/0x100<br /> el0_svc_common.constprop.0+0x180/0x1a0<br /> do_el0_svc+0x84/0xa0<br /> el0_svc+0x2c/0xc0<br /> el0t_64_sync_handler+0xa4/0x12c<br /> el0t_64_sync+0x1a4/0x1a8<br /> <br /> Instead, use access_width to determine the size and use the offset and<br /> width to shift and mask the bits to read/write out. Make sure to add a<br /> check for system memory since pcc redefines the access_width to<br /> subspace id.<br /> <br /> If access_width is not set, then fall back to using bit_width.<br /> <br /> [ rjw: Subject and changelog edits, comment adjustments ]