CVE-2024-53137

Summary

In the Linux kernel, the following vulnerability has been resolved:

ARM: fix cacheflush with PAN

It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. User access was not enabled around the cache maintenance instructions, causing them to fault.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7af5b901e84743c608aae90cb0e429702812c324 < e6960a2ed49c9a25357817535f7cc50594a58604affected
LinuxLinux7af5b901e84743c608aae90cb0e429702812c324 < ca29cfcc4a21083d671522ad384532e28a43f033affected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.11.10 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References