CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score confidence: High

EPSS percentile: 5.1%

In the Linux kernel, the following vulnerability has been resolved:

x86/fpu: Stop relying on userspace for info to fault in xsave buffer

Before this change, the expected size of the user space buffer was taken from fx_sw->xstate_size. fx_sw->xstate_size can be changed from user-space, so it is possible to construct a sigreturn frame where:

* fx_sw->xstate_size is smaller than the size required by valid bits in fx_sw->xfeatures.
* user-space unmaps parts of the sigframe fpu buffer so that not all of the buffer required by xrstor is accessible.

In this case, xrstor tries to restore and accesses the unmapped area which results in a fault. But fault_in_readable succeeds because buf + fx_sw->xstate_size is within the still mapped area, so it goes back and tries xrstor again. It will spin in this loop forever.

Instead, fault in the maximum size which can be touched by XRSTOR (taken from fpstate->user_size).

[ dhansen: tweak subject / changelog ]

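The retry loop described in the changelog above, as a small user-space model added here for illustration; it is not kernel code and not taken from the patch. The struct, the function names, the boolean stand-ins for XRSTOR and fault_in_readable, and all byte sizes are constructed assumptions, and the iteration cap exists only so the model can report the endless case.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: the user FPU buffer starts at offset 0 and only
 * bytes [0, mapped_len) are still mapped. All sizes are made-up values. */
struct model {
    size_t mapped_len;     /* part of the sigframe buffer still mapped */
    size_t xrstor_need;    /* bytes XRSTOR reads for the bits in xfeatures */
    size_t sw_xstate_size; /* fx_sw->xstate_size, writable by user space */
    size_t user_size;      /* fpstate->user_size, kept by the kernel */
};

enum outcome { RESTORED, REJECTED, SPINNING };

/* Stand-in for XRSTOR: faults when it must read past the mapped part. */
static bool model_xrstor(const struct model *m) { return m->xrstor_need <= m->mapped_len; }

/* Stand-in for fault_in_readable(): true when [0, size) is readable. */
static bool model_fault_in(const struct model *m, size_t size) { return size <= m->mapped_len; }

/* Retry loop; `fixed` selects which size is faulted in after a failure.
 * max_iter only exists so the model can report the endless case. */
static enum outcome restore_loop(const struct model *m, bool fixed, unsigned max_iter)
{
    size_t fault_size = fixed ? m->user_size : m->sw_xstate_size;

    for (unsigned i = 0; i < max_iter; i++) {
        if (model_xrstor(m))
            return RESTORED;           /* restore worked */
        if (!model_fault_in(m, fault_size))
            return REJECTED;           /* buffer not readable: give up */
        /* fault-in reported success, so the loop retries XRSTOR */
    }
    return SPINNING;
}

static const struct model benign  = { 4096, 832, 832, 2696 };
static const struct model crafted = {  576, 832, 512, 2696 };

int main(void)
{
    static const char *name[] = { "restored", "rejected", "spinning" };
    printf("benign  old=%s new=%s\n", name[restore_loop(&benign, false, 1000)],
           name[restore_loop(&benign, true, 1000)]);
    printf("crafted old=%s new=%s\n", name[restore_loop(&crafted, false, 1000)],
           name[restore_loop(&crafted, true, 1000)]);
    return 0;
}
```

With the kernel-owned size, the frame whose claimed size undercuts what XRSTOR needs is rejected on the first failed fault-in, while a well-formed frame restores the same way under both sizes.
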
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux | < 5.15.0-112.122 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-44.44 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1063.69 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1063.69~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < 6.5.0-1023.23~22.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1066.75 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < 6.5.0-1024.25~22.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-fde | < 5.15.0-1067.76.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-fde-5.15 | < 5.15.0-1065.74~20.04.1.1 | UNKNOWN |
git.kernel.org/linus/d877550eaf2dc9090d782864c96939397a3c6835 (6.8-rc4)
launchpad.net/bugs/cve/CVE-2024-26603
nvd.nist.gov/vuln/detail/CVE-2024-26603
security-tracker.debian.org/tracker/CVE-2024-26603
ubuntu.com/security/notices/USN-6820-1
ubuntu.com/security/notices/USN-6820-2
ubuntu.com/security/notices/USN-6821-1
ubuntu.com/security/notices/USN-6821-2
ubuntu.com/security/notices/USN-6821-3
ubuntu.com/security/notices/USN-6821-4
ubuntu.com/security/notices/USN-6828-1
ubuntu.com/security/notices/USN-6871-1
ubuntu.com/security/notices/USN-6892-1
ubuntu.com/security/notices/USN-6895-1
ubuntu.com/security/notices/USN-6895-2
ubuntu.com/security/notices/USN-6895-3
ubuntu.com/security/notices/USN-6900-1
ubuntu.com/security/notices/USN-6919-1
www.cve.org/CVERecord?id=CVE-2024-26603