CVE-2024-46864
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-46864
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46864.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-46864
- Related
- Published
- 2024-09-27T13:15:17Z
- Modified
- 2024-10-03T16:48:36.596064Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
x86/hyperv: fix kexec crash due to VP assist page corruption
commit 9636be85cc5b ("x86/hyperv: Fix hypervpcpuinput_arg handling when CPUs go online/offline") introduces a new cpuhp state for hyperv initialization.
cpuhpsetupstate() returns the state number if state is CPUHPAPONLINEDYN or CPUHPBPPREPAREDYN and 0 for all other states. For the hyperv case, since a new cpuhp state was introduced it would return 0. However, in hvmachineshutdown(), the cpuhpremovestate() call is conditioned upon "hypervinitcpuhp > 0". This will never be true and so hvcpudie() won't be called on all CPUs. This means the VP assist page won't be reset. When the kexec kernel tries to setup the VP assist page again, the hypervisor corrupts the memory region of the old VP assist page causing a panic in case the kexec kernel is using that memory elsewhere. This was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec panic/hang issues").
Get rid of hypervinitcpuhp entirely since we are no longer using a dynamic cpuhp state and use CPUHPAPHYPERVONLINE directly with cpuhpremove_state().
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.10.11-1