In the Linux kernel, the following vulnerability has been resolved: parisc:
Fix random data corruption from exception handler The current exception
handler implementation, which assists when accessing user space memory, may
exhibit random data corruption if the compiler decides to use a different
register than the specified register %r29 (defined in
ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another
register, the fault handler will nevertheless store -EFAULT into %r29 and
thus trash whatever this register is used for. Looking at the assembly I
found that this happens sometimes in emulate_ldd(). To solve the issue, the
easiest solution would be if it somehow is possible to tell the fault
handler which register is used to hold the error code. Using %0 or %1 in
the inline assembly is not posssible as it will show up as e.g. %r29 (with
the “%r” prefix), which the GNU assembler can not convert to an integer.
This patch takes another, better and more flexible approach: We extend the
__ex_table (which is out of the execution path) by one 32-word. In this
word we tell the compiler to insert the assembler instruction “or
%r0,%r0,%reg”, where %reg references the register which the compiler
choosed for the error return code. In case of an access failure, the fault
handler finds the __ex_table entry and can examine the opcode. The used
register is encoded in the lowest 5 bits, and the fault handler can then
store -EFAULT into this register. Since we extend the __ex_table to 3 words
we can’t use the BUILDTIME_TABLE_SORT config option any longer.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
git.kernel.org/linus/8b1d72395635af45410b66cc4c4ab37a12c4a831 (6.8-rc3)
git.kernel.org/stable/c/23027309b099ffc4efca5477009a11dccbdae592
git.kernel.org/stable/c/8b1d72395635af45410b66cc4c4ab37a12c4a831
git.kernel.org/stable/c/ce31d79aa1f13a2345791f84935281a2c194e003
git.kernel.org/stable/c/fa69a8063f8b27f3c7434a0d4f464a76a62f24d2
launchpad.net/bugs/cve/CVE-2024-26706
nvd.nist.gov/vuln/detail/CVE-2024-26706
security-tracker.debian.org/tracker/CVE-2024-26706
www.cve.org/CVERecord?id=CVE-2024-26706