{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26990", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.205Z", "datePublished": "2024-05-01T05:27:48.810Z", "dateUpdated": "2024-11-05T09:19:30.415Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:19:30.415Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status\n\nCheck kvm_mmu_page_ad_need_write_protect() when deciding whether to\nwrite-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU\naccounts for any role-specific reasons for disabling D-bit dirty logging.\n\nSpecifically, TDP MMU SPTEs must be write-protected when the TDP MMU is\nbeing used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled.\nKVM always disables PML when running L2, even when L1 and L2 GPAs are in\nthe some domain, so failing to write-protect TDP MMU SPTEs will cause\nwrites made by L2 to not be reflected in the dirty log.\n\n[sean: massage shortlog and changelog, tweak ternary op formatting]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/kvm/mmu/tdp_mmu.c"], "versions": [{"version": "5982a5392663", "lessThan": "cdf811a93747", "status": "affected", "versionType": "git"}, {"version": "5982a5392663", "lessThan": "e20bff0f1b2d", "status": "affected", "versionType": "git"}, {"version": "5982a5392663", "lessThan": "2673dfb591a3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/kvm/mmu/tdp_mmu.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.29", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.8", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/cdf811a937471af2d1facdf8ae80e5e68096f1ed"}, {"url": "https://git.kernel.org/stable/c/e20bff0f1b2de9cfe303dd35ff46470104a87404"}, {"url": "https://git.kernel.org/stable/c/2673dfb591a359c75080dd5af3da484b89320d22"}], "title": "KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-14T20:04:24.835393Z", "id": "CVE-2024-26990", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-14T20:04:34.681Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.915Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cdf811a937471af2d1facdf8ae80e5e68096f1ed", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e20bff0f1b2de9cfe303dd35ff46470104a87404", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2673dfb591a359c75080dd5af3da484b89320d22", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cdf811a937471af2d1facdf8ae80e5e68096f1ed", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e20bff0f1b2de9cfe303dd35ff46470104a87404", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2673dfb591a359c75080dd5af3da484b89320d22", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.915Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26990", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-14T20:04:24.835393Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-14T20:04:31.930Z"}}], "cna": {"title": "KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5982a5392663", "lessThan": "cdf811a93747", "versionType": "git"}, {"status": "affected", "version": "5982a5392663", "lessThan": "e20bff0f1b2d", "versionType": "git"}, {"status": "affected", "version": "5982a5392663", "lessThan": "2673dfb591a3", "versionType": "git"}], "programFiles": ["arch/x86/kvm/mmu/tdp_mmu.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.4"}, {"status": "unaffected", "version": "0", "lessThan": "6.4", "versionType": "custom"}, {"status": "unaffected", "version": "6.6.29", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.8", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/x86/kvm/mmu/tdp_mmu.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/cdf811a937471af2d1facdf8ae80e5e68096f1ed"}, {"url": "https://git.kernel.org/stable/c/e20bff0f1b2de9cfe303dd35ff46470104a87404"}, {"url": "https://git.kernel.org/stable/c/2673dfb591a359c75080dd5af3da484b89320d22"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status\n\nCheck kvm_mmu_page_ad_need_write_protect() when deciding whether to\nwrite-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU\naccounts for any role-specific reasons for disabling D-bit dirty logging.\n\nSpecifically, TDP MMU SPTEs must be write-protected when the TDP MMU is\nbeing used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled.\nKVM always disables PML when running L2, even when L1 and L2 GPAs are in\nthe some domain, so failing to write-protect TDP MMU SPTEs will cause\nwrites made by L2 to not be reflected in the dirty log.\n\n[sean: massage shortlog and changelog, tweak ternary op formatting]"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:26:32.090Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26990", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:21:05.915Z", "dateReserved": "2024-02-19T14:20:24.205Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-01T05:27:48.810Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status\n\nCheck kvm_mmu_page_ad_need_write_protect() when deciding whether to\nwrite-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU\naccounts for any role-specific reasons for disabling D-bit dirty logging.\n\nSpecifically, TDP MMU SPTEs must be write-protected when the TDP MMU is\nbeing used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled.\nKVM always disables PML when running L2, even when L1 and L2 GPAs are in\nthe some domain, so failing to write-protect TDP MMU SPTEs will cause\nwrites made by L2 to not be reflected in the dirty log.\n\n[sean: massage shortlog and changelog, tweak ternary op formatting]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86/mmu: Proteger contra escritura los SPTE L2 en la MMU TDP al borrar el estado sucio. Verifique kvm_mmu_page_ad_need_write_protect() cuando decida si desea proteger contra escritura o borrar los bits D en los SPTE de la MMU TDP. , de modo que la MMU TDP tenga en cuenta cualquier motivo espec\u00edfico de la funci\u00f3n para deshabilitar el registro sucio de bits D. Espec\u00edficamente, los SPTE de TDP MMU deben estar protegidos contra escritura cuando la TDP MMU se utiliza para ejecutar un L2 (es decir, L1 tiene EPT deshabilitado) y PML est\u00e1 habilitado. KVM siempre desactiva PML cuando se ejecuta L2, incluso cuando los GPA L1 y L2 est\u00e1n en alg\u00fan dominio, por lo que si no se protegen contra escritura los SPTE TDP MMU, las escrituras realizadas por L2 no se reflejar\u00e1n en el registro sucio. [sean: masajear el registro corto y el registro de cambios, modificar el formato de operaci\u00f3n ternario]"}], "id": "CVE-2024-26990", "lastModified": "2024-05-13T08:15:11.083", "metrics": {}, "published": "2024-05-01T06:15:16.673", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2673dfb591a359c75080dd5af3da484b89320d22"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cdf811a937471af2d1facdf8ae80e5e68096f1ed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e20bff0f1b2de9cfe303dd35ff46470104a87404"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status", "id": "2278320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278320"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nKVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status\nCheck kvm_mmu_page_ad_need_write_protect() when deciding whether to\nwrite-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU\naccounts for any role-specific reasons for disabling D-bit dirty logging.\nSpecifically, TDP MMU SPTEs must be write-protected when the TDP MMU is\nbeing used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled.\nKVM always disables PML when running L2, even when L1 and L2 GPAs are in\nthe some domain, so failing to write-protect TDP MMU SPTEs will cause\nwrites made by L2 to not be reflected in the dirty log.\n[sean: massage shortlog and changelog, tweak ternary op formatting]"], "name": "CVE-2024-26990", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26990\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26990\nhttps://lore.kernel.org/linux-cve-announce/2024050143-CVE-2024-26990-0a1f@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.6.29, kernel 6.8.8, kernel 6.9-rc5"}