In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD
Commit 672365477ae8 ("x86/fpu: Update XFD state where required") and commit 8bf26758ca96 ("x86/fpu: Add XFD state to fpstate") introduced a per CPU variable xfd_state to keep the MSR_IA32_XFD value cached, in order to avoid unnecessary writes to the MSR.
On CPU hotplug MSR_IA32_XFD is reset to the init_fpstate.xfd, which wipes out any stale state. But the per CPU cached xfd value is not reset, which brings them out of sync.
As a consequence, a subsequent xfd_update_state() might fail to update the MSR (the stale cached value can make the write look unnecessary), which in turn can result in XRSTOR raising a #NM in kernel space, which crashes the kernel.
To fix this, introduce xfd_set_state() to write xfd_state together with MSR_IA32_XFD, and use it in all places that set MSR_IA32_XFD.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Line", "target": { "file": "arch/x86/kernel/fpu/xstate.c" }, "id": "CVE-2024-35801-01c1374f", "digest": { "line_hashes": [ "291583493542846734036414194535777825514", "157656198078159594721686154018905089163", "174348405582751909604609879796673209084", "50768081441458774891866627870798007697", "267712571857700298879259155586776259612" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@92b0f04e937665bde5768f3fcc622dcce44413d8" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "arch/x86/kernel/fpu/xstate.c" }, "id": "CVE-2024-35801-05ff60d5", "digest": { "line_hashes": [ "291583493542846734036414194535777825514", "157656198078159594721686154018905089163", "174348405582751909604609879796673209084", "50768081441458774891866627870798007697", "267712571857700298879259155586776259612" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1acbca933313aa866e39996904c9aca4d435c4cd" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "arch/x86/kernel/fpu/xstate.h", "function": "xfd_update_state" }, "id": "CVE-2024-35801-071508d3", "digest": { "length": 207.0, "function_hash": "51396344188808079612302711146785400998" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1acbca933313aa866e39996904c9aca4d435c4cd" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "arch/x86/kernel/fpu/xstate.h", "function": "xfd_update_state" }, "id": "CVE-2024-35801-5ca96955", "digest": { "length": 207.0, "function_hash": "51396344188808079612302711146785400998" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10e4b5166df9ff7a2d5316138ca668b42d004422" }, { "deprecated": false, "signature_type": "Line", 
"target": { "file": "arch/x86/kernel/fpu/xstate.h" }, "id": "CVE-2024-35801-636ea329", "digest": { "line_hashes": [ "10494364186457743636570203024680208465", "5700508811504713253796363268145613722", "27061859337643628784964715552010682773", "289933165477708546681190453307270958700", "330446207991533581229010815897906867771", "97327645538464623426917525447305095003", "270971261372913486217463172489590008382", "60350486317905754581965752861525663026", "145293915764217819387342952931947616892", "4286181829424971857104453566726706768", "318458493278749825395736175686898230566", "153373712550219950092245017263235473936", "34499167068403319502220140430788456587", "133981285248789886521039770814137762635", "15967256431962215060483165417730408060", "255781432187350002699401686357359385407" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1acbca933313aa866e39996904c9aca4d435c4cd" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "arch/x86/kernel/fpu/xstate.h" }, "id": "CVE-2024-35801-783ff062", "digest": { "line_hashes": [ "10494364186457743636570203024680208465", "5700508811504713253796363268145613722", "27061859337643628784964715552010682773", "289933165477708546681190453307270958700", "330446207991533581229010815897906867771", "97327645538464623426917525447305095003", "270971261372913486217463172489590008382", "60350486317905754581965752861525663026", "145293915764217819387342952931947616892", "4286181829424971857104453566726706768", "318458493278749825395736175686898230566", "153373712550219950092245017263235473936", "34499167068403319502220140430788456587", "133981285248789886521039770814137762635", "15967256431962215060483165417730408060", "255781432187350002699401686357359385407" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@92b0f04e937665bde5768f3fcc622dcce44413d8" }, { "deprecated": false, 
"signature_type": "Function", "target": { "file": "arch/x86/kernel/fpu/xstate.h", "function": "xfd_update_state" }, "id": "CVE-2024-35801-87b88395", "digest": { "length": 207.0, "function_hash": "51396344188808079612302711146785400998" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@92b0f04e937665bde5768f3fcc622dcce44413d8" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "arch/x86/kernel/fpu/xstate.h" }, "id": "CVE-2024-35801-a1118a1a", "digest": { "line_hashes": [ "10494364186457743636570203024680208465", "5700508811504713253796363268145613722", "27061859337643628784964715552010682773", "289933165477708546681190453307270958700", "330446207991533581229010815897906867771", "97327645538464623426917525447305095003", "270971261372913486217463172489590008382", "60350486317905754581965752861525663026", "145293915764217819387342952931947616892", "4286181829424971857104453566726706768", "318458493278749825395736175686898230566", "153373712550219950092245017263235473936", "34499167068403319502220140430788456587", "133981285248789886521039770814137762635", "15967256431962215060483165417730408060", "255781432187350002699401686357359385407" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21c7c00dae55cb0e3810d5f9506b58f68475d41d" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "arch/x86/kernel/fpu/xstate.h", "function": "xfd_update_state" }, "id": "CVE-2024-35801-a37855fa", "digest": { "length": 207.0, "function_hash": "51396344188808079612302711146785400998" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b61e3b7055ac6edee4be071c52f48c26472d2624" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "arch/x86/kernel/fpu/xstate.c" }, "id": "CVE-2024-35801-ae8c3f09", "digest": { "line_hashes": [ 
"291583493542846734036414194535777825514", "157656198078159594721686154018905089163", "174348405582751909604609879796673209084", "50768081441458774891866627870798007697", "267712571857700298879259155586776259612" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b61e3b7055ac6edee4be071c52f48c26472d2624" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "arch/x86/kernel/fpu/xstate.h", "function": "xfd_update_state" }, "id": "CVE-2024-35801-aeb34803", "digest": { "length": 207.0, "function_hash": "51396344188808079612302711146785400998" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21c7c00dae55cb0e3810d5f9506b58f68475d41d" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "arch/x86/kernel/fpu/xstate.h" }, "id": "CVE-2024-35801-af58488a", "digest": { "line_hashes": [ "10494364186457743636570203024680208465", "5700508811504713253796363268145613722", "27061859337643628784964715552010682773", "289933165477708546681190453307270958700", "330446207991533581229010815897906867771", "97327645538464623426917525447305095003", "270971261372913486217463172489590008382", "60350486317905754581965752861525663026", "145293915764217819387342952931947616892", "4286181829424971857104453566726706768", "318458493278749825395736175686898230566", "153373712550219950092245017263235473936", "34499167068403319502220140430788456587", "133981285248789886521039770814137762635", "15967256431962215060483165417730408060", "255781432187350002699401686357359385407" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10e4b5166df9ff7a2d5316138ca668b42d004422" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "arch/x86/kernel/fpu/xstate.c", "function": "fpu__init_cpu_xstate" }, "id": "CVE-2024-35801-b1ac3a82", "digest": { 
"length": 400.0, "function_hash": "121568362011218496855972049723897403534" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1acbca933313aa866e39996904c9aca4d435c4cd" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "arch/x86/kernel/fpu/xstate.c", "function": "fpu__init_cpu_xstate" }, "id": "CVE-2024-35801-ba84d73e", "digest": { "length": 400.0, "function_hash": "121568362011218496855972049723897403534" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b61e3b7055ac6edee4be071c52f48c26472d2624" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "arch/x86/kernel/fpu/xstate.c", "function": "fpu__init_cpu_xstate" }, "id": "CVE-2024-35801-dd656c00", "digest": { "length": 400.0, "function_hash": "121568362011218496855972049723897403534" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21c7c00dae55cb0e3810d5f9506b58f68475d41d" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "arch/x86/kernel/fpu/xstate.c", "function": "fpu__init_cpu_xstate" }, "id": "CVE-2024-35801-dee20da9", "digest": { "length": 400.0, "function_hash": "121568362011218496855972049723897403534" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10e4b5166df9ff7a2d5316138ca668b42d004422" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "arch/x86/kernel/fpu/xstate.h" }, "id": "CVE-2024-35801-ebe9644b", "digest": { "line_hashes": [ "10494364186457743636570203024680208465", "5700508811504713253796363268145613722", "27061859337643628784964715552010682773", "289933165477708546681190453307270958700", "330446207991533581229010815897906867771", "97327645538464623426917525447305095003", "270971261372913486217463172489590008382", "60350486317905754581965752861525663026", 
"145293915764217819387342952931947616892", "4286181829424971857104453566726706768", "318458493278749825395736175686898230566", "153373712550219950092245017263235473936", "34499167068403319502220140430788456587", "133981285248789886521039770814137762635", "15967256431962215060483165417730408060", "255781432187350002699401686357359385407" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b61e3b7055ac6edee4be071c52f48c26472d2624" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "arch/x86/kernel/fpu/xstate.c", "function": "fpu__init_cpu_xstate" }, "id": "CVE-2024-35801-f9b9a300", "digest": { "length": 400.0, "function_hash": "121568362011218496855972049723897403534" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@92b0f04e937665bde5768f3fcc622dcce44413d8" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "arch/x86/kernel/fpu/xstate.c" }, "id": "CVE-2024-35801-fcc5cf35", "digest": { "line_hashes": [ "291583493542846734036414194535777825514", "157656198078159594721686154018905089163", "174348405582751909604609879796673209084", "50768081441458774891866627870798007697", "267712571857700298879259155586776259612" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10e4b5166df9ff7a2d5316138ca668b42d004422" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "arch/x86/kernel/fpu/xstate.c" }, "id": "CVE-2024-35801-fdf764b0", "digest": { "line_hashes": [ "291583493542846734036414194535777825514", "157656198078159594721686154018905089163", "174348405582751909604609879796673209084", "50768081441458774891866627870798007697", "267712571857700298879259155586776259612" ], "threshold": 0.9 }, "signature_version": "v1", "source": 
"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21c7c00dae55cb0e3810d5f9506b58f68475d41d" } ] }