cve-2024-43874
Vulnerability from cvelistv5
Published
2024-08-21 00:06
Modified
2024-11-05 09:41
Severity ?
EPSS score ?
Summary
crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43874",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:06:10.385758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:18.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/ccp/sev-dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bbf2c94503f6",
"status": "affected",
"version": "1ca5614b84ee",
"versionType": "git"
},
{
"lessThan": "468e3295774d",
"status": "affected",
"version": "1ca5614b84ee",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/ccp/sev-dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked\n\nFix a null pointer dereference induced by DEBUG_TEST_DRIVER_REMOVE.\nReturn from __sev_snp_shutdown_locked() if the psp_device or the\nsev_device structs are not initialized. Without the fix, the driver will\nproduce the following splat:\n\n ccp 0000:55:00.5: enabling device (0000 -\u003e 0002)\n ccp 0000:55:00.5: sev enabled\n ccp 0000:55:00.5: psp enabled\n BUG: kernel NULL pointer dereference, address: 00000000000000f0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n CPU: 262 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc1+ #29\n RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150\n Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 \u003c4c\u003e 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83\n RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2ea4014b808\n RBP: ffffb2ea4014b7e8 R08: 0000000000000106 R09: 000000000003d9c0\n R10: 0000000000000001 R11: ffffffffa39ff070 R12: ffff9e49d40590c8\n R13: 0000000000000000 R14: ffffb2ea4014b808 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff9e58b1e00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000f0 CR3: 0000000418a3e001 CR4: 0000000000770ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x6f/0xb0\n ? __die+0xcc/0xf0\n ? page_fault_oops+0x330/0x3a0\n ? save_trace+0x2a5/0x360\n ? do_user_addr_fault+0x583/0x630\n ? exc_page_fault+0x81/0x120\n ? asm_exc_page_fault+0x2b/0x30\n ? __sev_snp_shutdown_locked+0x2e/0x150\n __sev_firmware_shutdown+0x349/0x5b0\n ? pm_runtime_barrier+0x66/0xe0\n sev_dev_destroy+0x34/0xb0\n psp_dev_destroy+0x27/0x60\n sp_destroy+0x39/0x90\n sp_pci_remove+0x22/0x60\n pci_device_remove+0x4e/0x110\n really_probe+0x271/0x4e0\n __driver_probe_device+0x8f/0x160\n driver_probe_device+0x24/0x120\n __driver_attach+0xc7/0x280\n ? driver_attach+0x30/0x30\n bus_for_each_dev+0x10d/0x130\n driver_attach+0x22/0x30\n bus_add_driver+0x171/0x2b0\n ? unaccepted_memory_init_kdump+0x20/0x20\n driver_register+0x67/0x100\n __pci_register_driver+0x83/0x90\n sp_pci_init+0x22/0x30\n sp_mod_init+0x13/0x30\n do_one_initcall+0xb8/0x290\n ? sched_clock_noinstr+0xd/0x10\n ? local_clock_noinstr+0x3e/0x100\n ? stack_depot_save_flags+0x21e/0x6a0\n ? local_clock+0x1c/0x60\n ? stack_depot_save_flags+0x21e/0x6a0\n ? sched_clock_noinstr+0xd/0x10\n ? local_clock_noinstr+0x3e/0x100\n ? __lock_acquire+0xd90/0xe30\n ? sched_clock_noinstr+0xd/0x10\n ? local_clock_noinstr+0x3e/0x100\n ? __create_object+0x66/0x100\n ? local_clock+0x1c/0x60\n ? __create_object+0x66/0x100\n ? parameq+0x1b/0x90\n ? parse_one+0x6d/0x1d0\n ? parse_args+0xd7/0x1f0\n ? do_initcall_level+0x180/0x180\n do_initcall_level+0xb0/0x180\n do_initcalls+0x60/0xa0\n ? kernel_init+0x1f/0x1d0\n do_basic_setup+0x41/0x50\n kernel_init_freeable+0x1ac/0x230\n ? rest_init+0x1f0/0x1f0\n kernel_init+0x1f/0x1d0\n ? rest_init+0x1f0/0x1f0\n ret_from_fork+0x3d/0x50\n ? rest_init+0x1f0/0x1f0\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n Modules linked in:\n CR2: 00000000000000f0\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150\n Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 \u003c4c\u003e 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83\n RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000\n RDX: 0000000\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:41:35.194Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bbf2c94503f6a421ed9b79e300d8085810da765d"
},
{
"url": "https://git.kernel.org/stable/c/468e3295774d0edce15f4ae475913b5076dd4f40"
}
],
"title": "crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43874",
"datePublished": "2024-08-21T00:06:26.153Z",
"dateReserved": "2024-08-17T09:11:59.281Z",
"dateUpdated": "2024-11-05T09:41:35.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-43874\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-21T01:15:11.843\",\"lastModified\":\"2024-09-03T13:26:33.563\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncrypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked\\n\\nFix a null pointer dereference induced by DEBUG_TEST_DRIVER_REMOVE.\\nReturn from __sev_snp_shutdown_locked() if the psp_device or the\\nsev_device structs are not initialized. Without the fix, the driver will\\nproduce the following splat:\\n\\n ccp 0000:55:00.5: enabling device (0000 -\u003e 0002)\\n ccp 0000:55:00.5: sev enabled\\n ccp 0000:55:00.5: psp enabled\\n BUG: kernel NULL pointer dereference, address: 00000000000000f0\\n #PF: supervisor read access in kernel mode\\n #PF: error_code(0x0000) - not-present page\\n PGD 0 P4D 0\\n Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\\n CPU: 262 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc1+ #29\\n RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150\\n Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 \u003c4c\u003e 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83\\n RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286\\n RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000\\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2ea4014b808\\n RBP: ffffb2ea4014b7e8 R08: 0000000000000106 R09: 000000000003d9c0\\n R10: 0000000000000001 R11: ffffffffa39ff070 R12: ffff9e49d40590c8\\n R13: 0000000000000000 R14: ffffb2ea4014b808 R15: 0000000000000000\\n FS: 0000000000000000(0000) GS:ffff9e58b1e00000(0000) knlGS:0000000000000000\\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n CR2: 00000000000000f0 CR3: 0000000418a3e001 CR4: 0000000000770ef0\\n PKRU: 55555554\\n Call Trace:\\n \u003cTASK\u003e\\n ? __die_body+0x6f/0xb0\\n ? __die+0xcc/0xf0\\n ? page_fault_oops+0x330/0x3a0\\n ? save_trace+0x2a5/0x360\\n ? do_user_addr_fault+0x583/0x630\\n ? exc_page_fault+0x81/0x120\\n ? asm_exc_page_fault+0x2b/0x30\\n ? __sev_snp_shutdown_locked+0x2e/0x150\\n __sev_firmware_shutdown+0x349/0x5b0\\n ? pm_runtime_barrier+0x66/0xe0\\n sev_dev_destroy+0x34/0xb0\\n psp_dev_destroy+0x27/0x60\\n sp_destroy+0x39/0x90\\n sp_pci_remove+0x22/0x60\\n pci_device_remove+0x4e/0x110\\n really_probe+0x271/0x4e0\\n __driver_probe_device+0x8f/0x160\\n driver_probe_device+0x24/0x120\\n __driver_attach+0xc7/0x280\\n ? driver_attach+0x30/0x30\\n bus_for_each_dev+0x10d/0x130\\n driver_attach+0x22/0x30\\n bus_add_driver+0x171/0x2b0\\n ? unaccepted_memory_init_kdump+0x20/0x20\\n driver_register+0x67/0x100\\n __pci_register_driver+0x83/0x90\\n sp_pci_init+0x22/0x30\\n sp_mod_init+0x13/0x30\\n do_one_initcall+0xb8/0x290\\n ? sched_clock_noinstr+0xd/0x10\\n ? local_clock_noinstr+0x3e/0x100\\n ? stack_depot_save_flags+0x21e/0x6a0\\n ? local_clock+0x1c/0x60\\n ? stack_depot_save_flags+0x21e/0x6a0\\n ? sched_clock_noinstr+0xd/0x10\\n ? local_clock_noinstr+0x3e/0x100\\n ? __lock_acquire+0xd90/0xe30\\n ? sched_clock_noinstr+0xd/0x10\\n ? local_clock_noinstr+0x3e/0x100\\n ? __create_object+0x66/0x100\\n ? local_clock+0x1c/0x60\\n ? __create_object+0x66/0x100\\n ? parameq+0x1b/0x90\\n ? parse_one+0x6d/0x1d0\\n ? parse_args+0xd7/0x1f0\\n ? do_initcall_level+0x180/0x180\\n do_initcall_level+0xb0/0x180\\n do_initcalls+0x60/0xa0\\n ? kernel_init+0x1f/0x1d0\\n do_basic_setup+0x41/0x50\\n kernel_init_freeable+0x1ac/0x230\\n ? rest_init+0x1f0/0x1f0\\n kernel_init+0x1f/0x1d0\\n ? rest_init+0x1f0/0x1f0\\n ret_from_fork+0x3d/0x50\\n ? rest_init+0x1f0/0x1f0\\n ret_from_fork_asm+0x11/0x20\\n \u003c/TASK\u003e\\n Modules linked in:\\n CR2: 00000000000000f0\\n ---[ end trace 0000000000000000 ]---\\n RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150\\n Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 \u003c4c\u003e 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83\\n RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286\\n RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000\\n RDX: 0000000\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: ccp - Se corrige la desreferencia del puntero nulo en __sev_snp_shutdown_locked Se corrige la desreferencia del puntero nulo inducida por DEBUG_TEST_DRIVER_REMOVE. Regresa desde __sev_snp_shutdown_locked() si las estructuras psp_device o sev_device no est\u00e1n inicializadas. Sin la soluci\u00f3n, el controlador producir\u00e1 el siguiente s\u00edmbolo: ccp 0000:55:00.5: dispositivo de habilitaci\u00f3n (0000 -\u0026gt; 0002) ccp 0000:55:00.5: sev habilitado ccp 0000:55:00.5: psp habilitado ERROR: puntero NULL del kernel desreferencia, direcci\u00f3n: 00000000000000f0 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Ups: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI CPU: 262 PID: 1 Comm: swapper /0 No contaminado 6.9.0-rc1+ #29 RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150 C\u00f3digo: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 \u0026lt;4c\u0026gt; 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83 RSP: b8 EFLAGS: 00010286 RAX: 0000000000000000 RBX : ffff9e4acd2e0a28 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2ea4014b808 RBP: ffffb2ea4014b7e8 R08: 00000106 R09: 000000000003d9c0 R10: 0000000000000001 R11: ffffffffa39ff070 R12: ffff9e49d40590c8 R13: 0000000000000000 R14: ffffb2ea4014b808 R 15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff9e58b1e00000 (0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000f0 CR3: 0000000418a3e001 CR4: 70ef0 PKRU: 55555554 Seguimiento de llamadas: ? __die_body+0x6f/0xb0 ? __die+0xcc/0xf0 ? page_fault_oops+0x330/0x3a0? save_trace+0x2a5/0x360? do_user_addr_fault+0x583/0x630? exc_page_fault+0x81/0x120? asm_exc_page_fault+0x2b/0x30? __sev_snp_shutdown_locked+0x2e/0x150 __sev_firmware_shutdown+0x349/0x5b0 ? pm_runtime_barrier+0x66/0xe0 sev_dev_destroy+0x34/0xb0 psp_dev_destroy+0x27/0x60 sp_destroy+0x39/0x90 sp_pci_remove+0x22/0x60 pci_device_remove+0x4e/0x110 Actually_probe+0x271/0x4 e0 __driver_probe_device+0x8f/0x160 driver_probe_device+0x24/0x120 __driver_attach+0xc7/0x280 ? driver_attach+0x30/0x30 bus_for_each_dev+0x10d/0x130 driver_attach+0x22/0x30 bus_add_driver+0x171/0x2b0? unaccepted_memory_init_kdump+0x20/0x20 driver_register+0x67/0x100 __pci_register_driver+0x83/0x90 sp_pci_init+0x22/0x30 sp_mod_init+0x13/0x30 do_one_initcall+0xb8/0x290 ? sched_clock_noinstr+0xd/0x10? local_clock_noinstr+0x3e/0x100? stack_depot_save_flags+0x21e/0x6a0? reloj_local+0x1c/0x60? stack_depot_save_flags+0x21e/0x6a0? sched_clock_noinstr+0xd/0x10? local_clock_noinstr+0x3e/0x100? __lock_acquire+0xd90/0xe30? sched_clock_noinstr+0xd/0x10? local_clock_noinstr+0x3e/0x100? __create_object+0x66/0x100? reloj_local+0x1c/0x60? __create_object+0x66/0x100? parameq+0x1b/0x90 ? parse_one+0x6d/0x1d0? parse_args+0xd7/0x1f0? do_initcall_level+0x180/0x180 do_initcall_level+0xb0/0x180 do_initcalls+0x60/0xa0 ? kernel_init+0x1f/0x1d0 do_basic_setup+0x41/0x50 kernel_init_freeable+0x1ac/0x230 ? rest_init+0x1f0/0x1f0 kernel_init+0x1f/0x1d0? rest_init+0x1f0/0x1f0 ret_from_fork+0x3d/0x50 ? rest_init+0x1f0/0x1f0 ret_from_fork_asm+0x11/0x20 M\u00f3dulos vinculados en: CR2: 00000000000000f0 ---[ seguimiento final 0000000000000000 ]--- RIP:__sev_snp_shutdown_locked+0x2e/0 x150 C\u00f3digo: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 \u0026lt;4c\u0026gt; 8b a0 f0 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83 RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000 : 0000000 ---truncado---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.10.3\",\"matchCriteriaId\":\"3332351F-A9A1-4AD4-BEDB-5B3BBD5B7279\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/468e3295774d0edce15f4ae475913b5076dd4f40\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bbf2c94503f6a421ed9b79e300d8085810da765d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.