[SRU][Jammy/Lunar/Mantic/OEM-6.5][PATCH 0/3] CVE-2023-46813
Magali Lemes
magali.lemes at canonical.com
Fri Dec 1 13:15:54 UTC 2023
[Impact]
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local
users with userspace access to MMIO registers. Incorrect access checking in the
#VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses
could lead to arbitrary write access to kernel memory (and thus privilege
escalation). This depends on a race condition through which userspace can
replace an instruction before the #VC handler reads it.
[Backport]
Clean cherry-picks.
[Test]
Compile and boot tested.
[Regression potential]
Limited to the users of AMD's SEV-ES feature.
Borislav Petkov (AMD) (1):
  x86/sev: Disable MMIO emulation from user mode

Joerg Roedel (2):
  x86/sev: Check IOBM for IOIO exceptions from user-space
  x86/sev: Check for user-space IOIO pointing to kernel space
arch/x86/boot/compressed/sev.c | 10 +++++++
arch/x86/kernel/sev-shared.c | 53 ++++++++++++++++++++++++++++------
arch/x86/kernel/sev.c | 30 +++++++++++++++++++
3 files changed, 84 insertions(+), 9 deletions(-)
--
2.34.1