CVE-2024-50193
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/entry_32: Clear CPU buffers after register restore in NMI return
CPU buffers are currently cleared after call to exc_nmi, but before register state is restored. This may be okay for MDS mitigation but not for RDFS. Because RDFS mitigation requires CPU buffers to be cleared when registers don't have any sensitive data.
Move CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 50f021f0b985629accf10481a6e89af8b9700583 < 6f44a5fc15b5cece0785bc07453db77d99b0a6de | affected |
| Linux | Linux | d54de9f2a127090f2017184e8257795b487d5312 < b6400eb0b347821efc57760221f8fb6d63b9548a | affected |
| Linux | Linux | 2e3087505ddb8ba2d3d4c81306cca11e868fcdb9 < 43778de19d2ef129636815274644b9c16e78c66b | affected |
| Linux | Linux | ca13d8cd8dac25558da4ee8df4dc70e8e7f9d762 < 227358e89703c344008119be7e8ffa3fdb5b92de | affected |
| Linux | Linux | a0e2dab44d22b913b4c228c8b52b2a104434b0b3 < 64adf22c4bc73ede920baca5defefb70f190cdbc | affected |
| Linux | Linux | a0e2dab44d22b913b4c228c8b52b2a104434b0b3 < 48a2440d0f20c826b884e04377ccc1e4696c84e9 | affected |
| Linux | Linux | 51eca9f1fd047b500137d021f882d93f03280118 | affected |
| Linux | Linux | 5.10.215 < 5.10.228 | affected |
| Linux | Linux | 5.15.154 < 5.15.169 | affected |
| Linux | Linux | 6.1.81 < 6.1.114 | affected |
| Linux | Linux | 6.6.21 < 6.6.58 | affected |
| Linux | Linux | 6.7.9 < 6.8 | affected |
| Linux | Linux | 6.8 | affected |
| Linux | Linux | 0 < 6.8 | unaffected |
| Linux | Linux | 5.10.228 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.169 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.114 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.58 <= 6.6.* | unaffected |
| Linux | Linux | 6.11.5 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
References
- https://git.kernel.org/stable/c/6f44a5fc15b5cece0785bc07453db77d99b0a6de
- https://git.kernel.org/stable/c/b6400eb0b347821efc57760221f8fb6d63b9548a
- https://git.kernel.org/stable/c/43778de19d2ef129636815274644b9c16e78c66b
- https://git.kernel.org/stable/c/227358e89703c344008119be7e8ffa3fdb5b92de
- https://git.kernel.org/stable/c/64adf22c4bc73ede920baca5defefb70f190cdbc
- https://git.kernel.org/stable/c/48a2440d0f20c826b884e04377ccc1e4696c84e9
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.