CVE-2024-36953

Summary

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()

vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully.

Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7d450e2821710718fd6703e9c486249cee913bab < 4404465a1bee3607ad90a4c5f9e16dfd75b85728affected
LinuxLinux7d450e2821710718fd6703e9c486249cee913bab < 17db92da8be5dd3bf63c01f4109fe47db64fc66faffected
LinuxLinux7d450e2821710718fd6703e9c486249cee913bab < 3a5b0378ac6776c7c31b18e0f3c1389bd6005e80affected
LinuxLinux7d450e2821710718fd6703e9c486249cee913bab < 8d6a1c8e3de36cb0f5e866f1a582b00939e23104affected
LinuxLinux7d450e2821710718fd6703e9c486249cee913bab < 01981276d64e542c177b243f7c979fee855d5487affected
LinuxLinux7d450e2821710718fd6703e9c486249cee913bab < 6ddb4f372fc63210034b903d96ebbeb3c7195adbaffected
LinuxLinux4.7affected
LinuxLinux0 < 4.7unaffected
LinuxLinux5.10.217 <= 5.10.*unaffected
LinuxLinux5.15.159 <= 5.15.*unaffected
LinuxLinux6.1.91 <= 6.1.*unaffected
LinuxLinux6.6.31 <= 6.6.*unaffected
LinuxLinux6.8.10 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References