CVE-2024-35995

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-35995
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35995.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35995
Downstream
Related
Published
2024-05-20T09:47:59.057Z
Modified
2026-03-14T12:34:06.307903Z
Summary
ACPI: CPPC: Use access_width over bit_width for system memory accesses
Details

In the Linux kernel, the following vulnerability has been resolved:

ACPI: CPPC: Use accesswidth over bitwidth for system memory accesses

To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform.

SError Interrupt on CPU26, code 0xbe000011 -- SError CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : cppcgetperfcaps+0xec/0x410 lr : cppcgetperfcaps+0xe8/0x410 sp : ffff8000155ab730 x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078 x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000 x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008 x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006 x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028 x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION Call trace: dumpbacktrace+0x0/0x1e0 showstack+0x24/0x30 dumpstacklvl+0x8c/0xb8 dumpstack+0x18/0x34 panic+0x16c/0x384 addtaint+0x0/0xc0 arm64serrorpanic+0x7c/0x90 arm64isfatalrasserror+0x34/0xa4 doserror+0x50/0x6c el1h64errorhandler+0x40/0x74 el1h64error+0x7c/0x80 cppcgetperfcaps+0xec/0x410 cppccpufreqcpuinit+0x74/0x400 [cppccpufreq] cpufreqonline+0x2dc/0xa30 cpufreqadddev+0xc0/0xd4 subsysinterfaceregister+0x134/0x14c cpufreqregisterdriver+0x1b0/0x354 cppccpufreqinit+0x1a8/0x1000 [cppccpufreq] dooneinitcall+0x50/0x250 doinitmodule+0x60/0x27c loadmodule+0x2300/0x2570 __dosysfinit_module+0xa8/0x114 __arm64sysfinitmodule+0x2c/0x3c invokesyscall+0x78/0x100 el0svccommon.constprop.0+0x180/0x1a0 doel0svc+0x84/0xa0 el0svc+0x2c/0xc0 el0t64synchandler+0xa4/0x12c el0t64sync+0x1a4/0x1a8

Instead, use accesswidth to determine the size and use the offset and width to shift and mask the bits to read/write out. Make sure to add a check for system memory since pcc redefines the accesswidth to subspace id.

If accesswidth is not set, then fall back to using bitwidth.

[ rjw: Subject and changelog edits, comment adjustments ]

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35995.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5bbb86aa4b8d84395e42cd05448820651d79f349
Fixed
01fc53be672acae37e611c80cc0b4f3939584de3
Fixed
1b890ae474d19800a6be1696df7fb4d9a41676e4
Fixed
6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1
Fixed
2f4a4d63a193be6fd530d180bb13c3592052904c

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35995.json"