CVE-2024-53135

Dec. 14, 2024, 9:15 p.m.

6.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad bugs in the implementation, some of which are fatal to the guest, and others which put the stability and health of the host at risk. For guest fatalities, the most glaring issue is that KVM fails to ensure tracing is disabled, and *stays* disabled prior to VM-Enter, which is necessary as hardware disallows loading (the guest's) RTIT_CTL if tracing is enabled (enforced via a VMX consistency check). Per the SDM: If the logical processor is operating with Intel PT enabled (if IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the "load IA32_RTIT_CTL" VM-entry control must be 0. On the host side, KVM doesn't validate the guest CPUID configuration provided by userspace, and even worse, uses the guest configuration to decide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring guest CPUID to enumerate more address ranges than are supported in hardware will result in KVM trying to passthrough, save, and load non-existent MSRs, which generates a variety of WARNs, ToPA ERRORs in the host, a potential deadlock, etc.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.12

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.12 rc1 / / / / / /
o linux linux_kernel 6.12 rc2 / / / / / /
o linux linux_kernel 6.12 rc3 / / / / / /
o linux linux_kernel 6.12 rc4 / / / / / /
o linux linux_kernel 6.12 rc5 / / / / / /
o linux linux_kernel 6.12 rc6 / / / / / /
o linux linux_kernel 6.12 rc7 / / / / / /

References

https://git.kernel.org/stable/c/aa0d42cacf093a6fcca872edc954f6f812926a17
https://git.kernel.org/stable/c/b8a1d572478b6f239061ee9578b2451bf2f021c2
https://git.kernel.org/stable/c/b91bb0ce5cd7005b376eac690ec664c1b56372ec
https://git.kernel.org/stable/c/c3742319d021f5aa3a0a8c828485fee14753f6de
https://git.kernel.org/stable/c/d28b059ee4779b5102c5da6e929762520510e406
https://git.kernel.org/stable/c/d4b42f926adcce4e5ec193c714afd9d37bba8e5b
https://git.kernel.org/stable/c/e6716f4230a8784957273ddd27326264b27b9313

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD-CWE-noinfo
2024-12-04
CVE-2024-53135

CVSS Score

6.5 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: CHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Date

  • Published: Dec. 4, 2024, 3:15 p.m.
  • Last Modified: Dec. 14, 2024, 9:15 p.m.

Status : Modified

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.