CVE-2023-52481 arm64: errata: Add Cortex-A520 speculative unprivileged load workaround

2024-02-2905:43:12

Linux

github.com

linux kernel

arm cortex-a520

speculative load

vulnerability fix

cpu erratum

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

arm64: errata: Add Cortex-A520 speculative unprivileged load workaround

Implement the workaround for ARM Cortex-A520 erratum 2966298. On an
affected Cortex-A520 core, a speculatively executed unprivileged load
might leak data from a privileged load via a cache side channel. The
issue only exists for loads within a translation regime with the same
translation (e.g. same ASID and VMID). Therefore, the issue only affects
the return to EL0.

The workaround is to execute a TLBI before returning to EL0 after all
loads of privileged data. A non-shareable TLBI to any address is
sufficient.

The workaround isn’t necessary if page table isolation (KPTI) is
enabled, but for simplicity it will be. Page table isolation should
normally be disabled for Cortex-A520 as it supports the CSV3 feature
and the E0PD feature (used when KASLR is enabled).

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "Documentation/arch/arm64/silicon-errata.rst",
      "arch/arm64/Kconfig",
      "arch/arm64/kernel/cpu_errata.c",
      "arch/arm64/kernel/entry.S",
      "arch/arm64/tools/cpucaps"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "6e3ae2927b43",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "32b0a4ffcaea",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "471470bc7052",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "Documentation/arch/arm64/silicon-errata.rst",
      "arch/arm64/Kconfig",
      "arch/arm64/kernel/cpu_errata.c",
      "arch/arm64/kernel/entry.S",
      "arch/arm64/tools/cpucaps"
    ],
    "versions": [
      {
        "version": "6.1.57",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.5.7",
        "lessThanOrEqual": "6.5.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]