CVE-2024-50139
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/11/2024
Last modified:
01/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
KVM: arm64: Fix shift-out-of-bounds bug<br />
<br />
Fix a shift-out-of-bounds bug reported by UBSAN when running<br />
VM with MTE enabled host kernel.<br />
<br />
UBSAN: shift-out-of-bounds in arch/arm64/kvm/sys_regs.c:1988:14<br />
shift exponent 33 is too large for 32-bit type &#39;int&#39;<br />
CPU: 26 UID: 0 PID: 7629 Comm: qemu-kvm Not tainted 6.12.0-rc2 #34<br />
Hardware name: IEI NF5280R7/Mitchell MB, BIOS 00.00. 2024-10-12 09:28:54 10/14/2024<br />
Call trace:<br />
dump_backtrace+0xa0/0x128<br />
show_stack+0x20/0x38<br />
dump_stack_lvl+0x74/0x90<br />
dump_stack+0x18/0x28<br />
__ubsan_handle_shift_out_of_bounds+0xf8/0x1e0<br />
reset_clidr+0x10c/0x1c8<br />
kvm_reset_sys_regs+0x50/0x1c8<br />
kvm_reset_vcpu+0xec/0x2b0<br />
__kvm_vcpu_set_target+0x84/0x158<br />
kvm_vcpu_set_target+0x138/0x168<br />
kvm_arch_vcpu_ioctl_vcpu_init+0x40/0x2b0<br />
kvm_arch_vcpu_ioctl+0x28c/0x4b8<br />
kvm_vcpu_ioctl+0x4bc/0x7a8<br />
__arm64_sys_ioctl+0xb4/0x100<br />
invoke_syscall+0x70/0x100<br />
el0_svc_common.constprop.0+0x48/0xf0<br />
do_el0_svc+0x24/0x38<br />
el0_svc+0x3c/0x158<br />
el0t_64_sync_handler+0x120/0x130<br />
el0t_64_sync+0x194/0x198
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.3 (including) | 6.6.59 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page