CVE-2024-50275— Linux kernel 安全漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2024-50275 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
arm64/sve: Discard stale CPU state when handling SVE traps
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/ https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/ The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, starting and ending on the same CPU, e.g. | void do_sve_acc(unsigned long esr, struct pt_regs *regs) | { | // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled | // task->fpsimd_cpu is 0. | // per_cpu_ptr(&fpsimd_last_state, 0) is task. | | ... | | // Preempted; migrated from CPU 0 to CPU 1. | // TIF_FOREIGN_FPSTATE is set. | | get_cpu_fpsimd_context(); | | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ | | sve_init_regs() { | if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) { | ... | } else { | fpsimd_to_sve(current); | current->thread.fp_type = FP_STATE_SVE; | } | } | | put_cpu_fpsimd_context(); | | // Preempted; migrated from CPU 1 to CPU 0. | // task->fpsimd_cpu is still 0 | // If per_cpu_ptr(&fpsimd_last_state, 0) is still task then: | // - Stale HW state is reused (with SVE traps enabled) | // - TIF_FOREIGN_FPSTATE is cleared | // - A return to userspace skips HW state restore | } Fix the case where the state is not live and TIF_FOREIGN_FPSTATE is set by calling fpsimd_flush_task_state() to detach from the saved CPU state. This ensures that a subsequent context switch will not reuse the stale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the new state to be reloaded from memory prior to a return to userspace.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于处理SVE陷阱时的陈旧CPU状态存在问题。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
二、漏洞 CVE-2024-50275 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2024-50275 的情报信息
请登录查看更多情报信息。
同批安全公告 · Linux · 2024-11-19 · 共 88 条
| CVE-2024-53057 | Linux kernel 安全漏洞 | |
| CVE-2024-53053 | Linux kernel 安全漏洞 | |
| CVE-2024-53055 | Linux kernel 安全漏洞 | |
| CVE-2024-53052 | Linux kernel 安全漏洞 | |
| CVE-2024-53048 | Linux kernel 安全漏洞 | |
| CVE-2024-53049 | Linux kernel 安全漏洞 | |
| CVE-2024-53047 | Linux kernel 安全漏洞 | |
| CVE-2024-53045 | Linux kernel 安全漏洞 | |
| CVE-2024-53046 | Linux kernel 安全漏洞 | |
| CVE-2024-53051 | Linux kernel 安全漏洞 | |
| CVE-2024-53056 | Linux kernel 安全漏洞 | |
| CVE-2024-53058 | Linux kernel 安全漏洞 | |
| CVE-2024-53059 | Linux kernel 安全漏洞 | |
| CVE-2024-53060 | Linux kernel 安全漏洞 | |
| CVE-2024-53061 | Linux kernel 安全漏洞 | |
| CVE-2024-53062 | Linux kernel 安全漏洞 | |
| CVE-2024-53064 | Linux kernel 安全漏洞 | |
| CVE-2024-53063 | Linux kernel 安全漏洞 | |
| CVE-2024-53066 | Linux kernel 安全漏洞 | |
| CVE-2024-53065 | Linux kernel 安全漏洞 |
显示前 20 条,共 88 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2024-50275
暂无评论