CVE-2024-35802

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-35802
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

28 May 2024, 19:15

Type Values Removed Values Added
Summary (en) In the Linux kernel, the following vulnerability has been resolved: x86/sev: Fix position dependent variable references in startup code The early startup code executes from a 1:1 mapping of memory, which differs from the mapping that the code was linked and/or relocated to run at. The latter mapping is not active yet at this point, and so symbol references that rely on it will fault. Given that the core kernel is built without -fPIC, symbol references are typically emitted as absolute, and so any such references occuring in the early startup code will therefore crash the kernel. While an attempt was made to work around this for the early SEV/SME startup code, by forcing RIP-relative addressing for certain global SEV/SME variables via inline assembly (see snp_cpuid_get_table() for example), RIP-relative addressing must be pervasively enforced for SEV/SME global variables when accessed prior to page table fixups. __startup_64() already handles this issue for select non-SEV/SME global variables using fixup_pointer(), which adjusts the pointer relative to a `physaddr` argument. To avoid having to pass around this `physaddr` argument across all functions needing to apply pointer fixups, introduce a macro RIP_RELATIVE_REF() which generates a RIP-relative reference to a given global variable. It is used where necessary to force RIP-relative accesses to global variables. For backporting purposes, this patch makes no attempt at cleaning up other occurrences of this pattern, involving either inline asm or fixup_pointer(). Those will be addressed later. [ bp: Call it "rip_rel_ref" everywhere like other code shortens "rIP-relative reference" and make the asm wrapper __always_inline. ] (en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
References
  • {'url': 'https://git.kernel.org/stable/c/0982fd6bf0b822876f2e93ec782c4c28a3f85535', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/1c811d403afd73f04bde82b83b24c754011bd0e8', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/66fa3fcb474b2b892fe42d455a6f7ec5aaa98fb9', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/954a4a87814465ad61cc97c1cd3de1525baaaf07', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/fe272b61506bb1534922ef07aa165fd3c37a6a90', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

17 May 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-17 14:15

Updated : 2024-05-28 19:15

NVD link : CVE-2024-35802

Mitre link : CVE-2024-35802

CVE.ORG link : CVE-2024-35802

JSON object : View

Products Affected

No product.

CWE

No CWE.