In the Linux kernel, the following vulnerability has been resolved:
x86/sev: Fix position dependent variable references in startup code The
early startup code executes from a 1:1 mapping of memory, which differs
from the mapping that the code was linked and/or relocated to run at. The
latter mapping is not active yet at this point, and so symbol references
that rely on it will fault. Given that the core kernel is built without
-fPIC, symbol references are typically emitted as absolute, and so any such
references occuring in the early startup code will therefore crash the
kernel. While an attempt was made to work around this for the early SEV/SME
startup code, by forcing RIP-relative addressing for certain global SEV/SME
variables via inline assembly (see snp_cpuid_get_table() for example),
RIP-relative addressing must be pervasively enforced for SEV/SME global
variables when accessed prior to page table fixups. __startup_64() already
handles this issue for select non-SEV/SME global variables using
fixup_pointer(), which adjusts the pointer relative to a physaddr
argument. To avoid having to pass around this physaddr
argument across
all functions needing to apply pointer fixups, introduce a macro
RIP_RELATIVE_REF() which generates a RIP-relative reference to a given
global variable. It is used where necessary to force RIP-relative accesses
to global variables. For backporting purposes, this patch makes no attempt
at cleaning up other occurrences of this pattern, involving either inline
asm or fixup_pointer(). Those will be addressed later. [ bp: Call it
“rip_rel_ref” everywhere like other code shortens “rIP-relative reference”
and make the asm wrapper __always_inline. ]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/1c811d403afd73f04bde82b83b24c754011bd0e8 (6.9-rc1)
git.kernel.org/stable/c/0982fd6bf0b822876f2e93ec782c4c28a3f85535
git.kernel.org/stable/c/1c811d403afd73f04bde82b83b24c754011bd0e8
git.kernel.org/stable/c/66fa3fcb474b2b892fe42d455a6f7ec5aaa98fb9
git.kernel.org/stable/c/954a4a87814465ad61cc97c1cd3de1525baaaf07
git.kernel.org/stable/c/fe272b61506bb1534922ef07aa165fd3c37a6a90
launchpad.net/bugs/cve/CVE-2024-35802
nvd.nist.gov/vuln/detail/CVE-2024-35802
security-tracker.debian.org/tracker/CVE-2024-35802
www.cve.org/CVERecord?id=CVE-2024-35802