In the Linux kernel, the following vulnerability has been resolved: ACPI:
CPPC: Use access_width over bit_width for system memory accesses To align
with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be
depended on to be always on a clean 8b boundary. This was uncovered on the
Cobalt 100 platform. SError Interrupt on CPU26, code 0xbe000011 – SError
CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware
name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009
(nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=–) pc :
cppc_get_perf_caps+0xec/0x410 lr : cppc_get_perf_caps+0xe8/0x410 sp :
ffff8000155ab730 x29: ffff8000155ab730 x28: ffff0080139d0038 x27:
ffff0080139d0078 x26: 0000000000000000 x25: ffff0080139d0058 x24:
00000000ffffffff x23: ffff0080139d0298 x22: ffff0080139d0278 x21:
0000000000000000 x20: ffff00802b251910 x19: ffff0080139d0000 x18:
ffffffffffffffff x17: 0000000000000000 x16: ffffdc7e111bad04 x15:
ffff00802b251008 x14: ffffffffffffffff x13: ffff013f1fd63300 x12:
0000000000000006 x11: ffffdc7e128f4420 x10: 0000000000000000 x9 :
ffffdc7e111badec x8 : ffff00802b251980 x7 : 0000000000000000 x6 :
ffff0080139d0028 x5 : 0000000000000000 x4 : ffff0080139d0018 x3 :
00000000ffffffff x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 :
0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt
CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware
name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION Call trace:
dump_backtrace+0x0/0x1e0 show_stack+0x24/0x30 dump_stack_lvl+0x8c/0xb8
dump_stack+0x18/0x34 panic+0x16c/0x384 add_taint+0x0/0xc0
arm64_serror_panic+0x7c/0x90 arm64_is_fatal_ras_serror+0x34/0xa4
do_serror+0x50/0x6c el1h_64_error_handler+0x40/0x74 el1h_64_error+0x7c/0x80
cppc_get_perf_caps+0xec/0x410 cppc_cpufreq_cpu_init+0x74/0x400
[cppc_cpufreq] cpufreq_online+0x2dc/0xa30 cpufreq_add_dev+0xc0/0xd4
subsys_interface_register+0x134/0x14c cpufreq_register_driver+0x1b0/0x354
cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq] do_one_initcall+0x50/0x250
do_init_module+0x60/0x27c load_module+0x2300/0x2570
__do_sys_finit_module+0xa8/0x114 __arm64_sys_finit_module+0x2c/0x3c
invoke_syscall+0x78/0x100 el0_svc_common.constprop.0+0x180/0x1a0
do_el0_svc+0x84/0xa0 el0_svc+0x2c/0xc0 el0t_64_sync_handler+0xa4/0x12c
el0t_64_sync+0x1a4/0x1a8 Instead, use access_width to determine the size
and use the offset and width to shift and mask the bits to read/write out.
Make sure to add a check for system memory since pcc redefines the
access_width to subspace id. If access_width is not set, then fall back to
using bit_width. [ rjw: Subject and changelog edits, comment adjustments ]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)
git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3
git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4
git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c
git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87
git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1
git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3
git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2
launchpad.net/bugs/cve/CVE-2024-35995
nvd.nist.gov/vuln/detail/CVE-2024-35995
security-tracker.debian.org/tracker/CVE-2024-35995
www.cve.org/CVERecord?id=CVE-2024-35995