In the Linux kernel, the following vulnerability has been resolved: KVM:
arm64: Fix circular locking dependency The rule inside kvm enforces that
the vcpu->mutex is taken inside kvm->lock. The rule is violated by the
pkvm_create_hyp_vm() which acquires the kvm->lock while already holding the
vcpu->mutex lock from kvm_vcpu_ioctl(). Avoid the circular locking
dependency altogether by protecting the hyp vm handle with the config_lock,
much like we already do for other forms of VM-scoped data.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
git.kernel.org/linus/10c02aad111df02088d1a81792a709f6a7eca6cc (6.8-rc5)
git.kernel.org/stable/c/10c02aad111df02088d1a81792a709f6a7eca6cc
git.kernel.org/stable/c/3ab1c40a1e915e350d9181a4603af393141970cc
git.kernel.org/stable/c/3d16cebf01127f459dcfeb79ed77bd68b124c228
launchpad.net/bugs/cve/CVE-2024-26691
nvd.nist.gov/vuln/detail/CVE-2024-26691
security-tracker.debian.org/tracker/CVE-2024-26691
www.cve.org/CVERecord?id=CVE-2024-26691