In the Linux kernel, the following vulnerability has been resolved:

x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type

On 64-bit platforms, the pfn_to_kaddr() macro requires that the input value is 64 bits in order to ensure that valid address bits don’t get lost when shifting that input by PAGE_SHIFT to calculate the physical address to provide a virtual address for.

One such example is in pvalidate_pages() (used by SEV-SNP guests), where the GFN in the struct used for page-state change requests is a 40-bit bit-field, so attempts to pass this GFN field directly into pfn_to_kaddr() end up causing guest crashes when dealing with addresses above the 1TB range due to the above.

Fix this issue with SEV-SNP guests, as well as any similar cases that might cause issues in current/future code, by using an inline function, instead of a macro, so that the input is implicitly cast to the expected 64-bit input type prior to performing the shift operation.

While it might be argued that the issue is on the caller side, other archs/macros have taken similar approaches to deal with instances like this, such as ARM explicitly casting the input to phys_addr_t:

e48866647b48 (“ARM: 8396/1: use phys_addr_t in pfn_to_kaddr()”)

A C inline function is even better though.

[ mingo: Refined the changelog some more & added __always_inline. ]
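The truncation described above, as an added user-space example (not the kernel's code and not taken from the fix commit). `struct psc_entry_model`, `PFN_TO_PHYS_MACRO`, `pfn_to_phys_inline` and the other helper names are hypothetical, only the shift step is modelled, and the 40-bit arithmetic is reproduced with an explicit mask so the result does not depend on how a given compiler widens bit-fields.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define GFN_BITS   40

/* Constructed stand-in for a page-state-change entry: only the 40-bit GFN
 * bit-field mentioned on the page is modelled, the other field is filler. */
struct psc_entry_model {
    uint64_t other : 24;
    uint64_t gfn   : GFN_BITS;
};

/* Macro shape: the shift is evaluated in whatever type the caller passes. */
#define PFN_TO_PHYS_MACRO(pfn) ((pfn) << PAGE_SHIFT)

/* Fixed shape: the parameter type widens the argument to 64 bits first. */
static inline uint64_t pfn_to_phys_inline(uint64_t pfn)
{
    return pfn << PAGE_SHIFT;
}

/* Model of the same shift carried out at the bit-field's 40-bit width. */
static uint64_t shift_at_gfn_width(uint64_t gfn)
{
    const uint64_t mask = (UINT64_C(1) << GFN_BITS) - 1;
    return (gfn << PAGE_SHIFT) & mask;
}

/* Pass the bit-field straight into the inline function, as a caller would. */
static uint64_t fixed_from_bitfield(uint64_t gfn)
{
    struct psc_entry_model e = { .other = 0, .gfn = gfn };
    return pfn_to_phys_inline(e.gfn);
}

int main(void)
{
    /* Constructed sample: a GFN whose physical address lies just above 1TB. */
    struct psc_entry_model e = { .other = 0, .gfn = UINT64_C(0x10000123) };

    printf("40-bit model   : 0x%" PRIx64 "\n", shift_at_gfn_width(e.gfn));
    printf("macro, as built: 0x%" PRIx64 "\n",
           (uint64_t)PFN_TO_PHYS_MACRO(e.gfn));
    printf("inline function: 0x%" PRIx64 "\n", fixed_from_bitfield(e.gfn));
    return 0;
}
```

The "macro, as built" line shows what the local compiler does with the bit-field operand; the inline-function line is the same on every compiler because the conversion to 64 bits happens at the call.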
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < 6.8.0-35.35 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/8e5647a723c49d73b9f108a8bb38e8c29d3948ea (6.9-rc1)
git.kernel.org/stable/c/325956b0173f11e98f90462be4829a8b8b0682ce
git.kernel.org/stable/c/7e1471888a5e6e846e9b4d306e5327db2b58e64e
git.kernel.org/stable/c/814305b5c23cb815ada68d43019f39050472b25f
git.kernel.org/stable/c/8e5647a723c49d73b9f108a8bb38e8c29d3948ea
launchpad.net/bugs/cve/CVE-2023-52659
nvd.nist.gov/vuln/detail/CVE-2023-52659
security-tracker.debian.org/tracker/CVE-2023-52659
ubuntu.com/security/notices/USN-6816-1
ubuntu.com/security/notices/USN-6817-1
ubuntu.com/security/notices/USN-6817-2
ubuntu.com/security/notices/USN-6817-3
www.cve.org/CVERecord?id=CVE-2023-52659