CVE-2024-42240: x86/bhi: Avoid warning in #DB handler due to BHI mitigation
In the Linux kernel, the following vulnerability has been resolved:
x86/bhi: Avoid warning in #DB handler due to BHI mitigation
When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the clear_bhb_loop() before the TF flag is cleared. This causes the #DB handler (exc_debug_kernel()) to issue a warning because single-step is used outside the entry_SYSENTER_compat() function.
To address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY after making sure the TF flag is cleared.
The problem can be reproduced with the following sequence:
$ cat sysenter_step.c
int main()
{
	asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter");
}
$ gcc -o sysenter_step sysenter_step.c
$ ./sysenter_step
Segmentation fault (core dumped)
The program is expected to crash, and the #DB handler will issue a warning.
Kernel log:
WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160
...
RIP: 0010:exc_debug_kernel+0xd2/0x160
...
Call Trace:
<#DB>
? show_regs+0x68/0x80
? __warn+0x8c/0x140
? exc_debug_kernel+0xd2/0x160
? report_bug+0x175/0x1a0
? handle_bug+0x44/0x90
? exc_invalid_op+0x1c/0x70
? asm_exc_invalid_op+0x1f/0x30
? exc_debug_kernel+0xd2/0x160
exc_debug+0x43/0x50
asm_exc_debug+0x1e/0x40
RIP: 0010:clear_bhb_loop+0x0/0xb0
...
</#DB>
<TASK>
? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d
</TASK>
[ bp: Massage commit message. ]
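The WARNING block quoted in the commit message has a regular structure: a header line naming the CPU, PID, source location and function, one or more RIP lines, and a call trace split into exception-context sections such as <#DB> and <TASK>. The Python below is an added example for triage, not code from the kernel commit or from this CVE record; it parses that structure and checks the three markers that distinguish this particular warning (the WARN fires in exc_debug_kernel(), the interrupted RIP is clear_bhb_loop inside the #DB context, and the task was in entry_SYSENTER_compat). The sample logs are constructed: SAMPLE_LOG is the trace from the commit message with the elided portions dropped, and OTHER_LOG is an invented unrelated WARNING used as a negative case. The traps.c line number is taken from the page but is kernel-version specific, so the classifier deliberately does not match on it.

```python
"""Classify x86 kernel WARNING blocks by the CVE-2024-42240 signature."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the log from the commit message, "..." lines omitted.
SAMPLE_LOG = """\
WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160
RIP: 0010:exc_debug_kernel+0xd2/0x160
Call Trace:
<#DB>
? show_regs+0x68/0x80
? __warn+0x8c/0x140
? exc_debug_kernel+0xd2/0x160
? report_bug+0x175/0x1a0
? handle_bug+0x44/0x90
? exc_invalid_op+0x1c/0x70
? asm_exc_invalid_op+0x1f/0x30
? exc_debug_kernel+0xd2/0x160
exc_debug+0x43/0x50
asm_exc_debug+0x1e/0x40
RIP: 0010:clear_bhb_loop+0x0/0xb0
</#DB>
<TASK>
? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d
</TASK>
"""

# Constructed negative case: an unrelated WARNING with a made-up location.
OTHER_LOG = """\
WARNING: CPU: 3 PID: 42 at kernel/workqueue.c:1234 __queue_work+0x1a/0x200
RIP: 0010:__queue_work+0x1a/0x200
Call Trace:
<TASK>
queue_work_on+0x30/0x40
</TASK>
"""

WARN_RE = re.compile(r"WARNING: CPU: (\d+) PID: (\d+) at (\S+):(\d+) (\w+)\+0x")
RIP_RE = re.compile(r"RIP: [0-9a-f]{4}:(\w+)\+0x")
# Trace frames look like "? func+0x12/0x34"; the "? " marks an uncertain frame.
FRAME_RE = re.compile(r"^(?:\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Exception-context markers: <#DB> ... </#DB>, <TASK> ... </TASK>, etc.
CTX_RE = re.compile(r"^<(/?)([^>]+)>$")


@dataclass
class WarnReport:
    cpu: int
    pid: int
    file: str
    line: int
    func: str
    # (context, function) pairs, context being "#DB", "TASK" or None
    rips: List[Tuple[Optional[str], str]] = field(default_factory=list)
    frames: List[Tuple[Optional[str], str]] = field(default_factory=list)


def parse_warning(log: str) -> Optional[WarnReport]:
    """Return the first WARNING block in `log` as a WarnReport, or None."""
    report: Optional[WarnReport] = None
    ctx: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        m = WARN_RE.search(line)
        if m:
            report = WarnReport(int(m[1]), int(m[2]), m[3], int(m[4]), m[5])
            ctx = None
            continue
        if report is None:
            continue
        m = CTX_RE.match(line)
        if m:
            ctx = None if m[1] else m[2]
            continue
        m = RIP_RE.search(line)
        if m:
            report.rips.append((ctx, m[1]))
            continue
        m = FRAME_RE.match(line)
        if m:
            report.frames.append((ctx, m[1]))
    return report


def is_bhi_sysenter_warning(report: WarnReport) -> bool:
    """Match the CVE-2024-42240 warning by function names, not line numbers."""
    in_db_handler = report.func == "exc_debug_kernel" and report.file.endswith("traps.c")
    # The #DB exception interrupted the BHI clearing sequence itself.
    stepped_into_bhb = ("#DB", "clear_bhb_loop") in report.rips
    # The task had entered the kernel through the compat SYSENTER path.
    from_sysenter = any(f.startswith("entry_SYSENTER_compat") for _, f in report.frames)
    return in_db_handler and stepped_into_bhb and from_sysenter


def classify(log: str) -> str:
    report = parse_warning(log)
    if report is None:
        return "no WARNING"
    if is_bhi_sysenter_warning(report):
        return "CVE-2024-42240 signature"
    return "other WARNING"


if __name__ == "__main__":
    for name, log in (("sample", SAMPLE_LOG), ("other", OTHER_LOG)):
        print(f"{name}: {classify(log)}")
```

Feed it the text of a dmesg or journal excerpt; only the WARNING header and the frames after it are consumed, so surrounding noise is ignored. Because the match is on function names and the #DB context rather than on traps.c:1009, it still recognises the same trace on kernels where that line number differs.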
Other sources
Linux Kernel is vulnerable to a denial of service, caused by infinite loop in x86/bhi. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
— IBM
This CVE was automatically created from a reference found in an email or other text. If you are reading this, then this CVE entry is probably erroneous, since this text should be replaced by the official CVE description automatically.
— Launchpad
Frequently Asked Questions
What is the severity of CVE-2024-42240?
CVE-2024-42240 is considered to be of medium severity due to the potential for exploitation in specific conditions.
How do I fix CVE-2024-42240?
You can fix CVE-2024-42240 by updating your Linux kernel to an unaffected version, such as 5.10.223-1 or later as specified in the resolution.
What versions are affected by CVE-2024-42240?
CVE-2024-42240 affects several versions of the Linux kernel prior to the patched releases, including versions between 5.15.163 and 6.6.41.
What is the impact of CVE-2024-42240?
The impact of CVE-2024-42240 may lead to weakened security when BHI mitigation is enabled during certain system calls.
Is CVE-2024-42240 specific to any distributions?
Yes, CVE-2024-42240 has been identified in Debian Linux packages and is relevant to distributions using those kernel versions.