CVE-2024-42126 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. nmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling (e.g. early HMI/MCE interrupt handler) if percpu allocation comes from vmalloc area. Early HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI() wrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when percpu allocation is from the embedded first chunk. However with CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu allocation can come from the vmalloc area. With kernel command line "percpu_alloc=page" we can force percpu allocation to come from vmalloc area and can see kernel crash in machine_check_early: [ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110 [ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0 [ 1.215719] --- interrupt: 200 [ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable) [ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0 [ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8 Fix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu first chunk is not embedded.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0db880fc865ffb522141ced4bfa66c12ab1fbb70
https://git.kernel.org/stable/c/0f37946c62c48a907625348cbc720a7a0c547d1e
https://git.kernel.org/stable/c/2c78c9411e685dbc9eac8c2845111b03501975b8
https://git.kernel.org/stable/c/8d3f83dfb23674540c827a8d65fba20aa300b252
https://git.kernel.org/stable/c/e2afb26615adf6c3ceaaa7732aa839bcd587a057
https://git.kernel.org/stable/c/fb6675db04c4b79883373edc578d5df7bbc84848
https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42126-fdab@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42126
https://www.cve.org/CVERecord?id=CVE-2024-42126

History

Tue, 05 Nov 2024 10:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 25 Oct 2024 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-827
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 12 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 19 Aug 2024 04:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/e2afb26615adf6c3ceaaa7732aa839bcd587a057 https://git.kernel.org/stable/c/fb6675db04c4b79883373edc578d5df7bbc84848

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-30T07:46:23.179Z

Updated: 2024-12-19T09:13:37.693Z

Reserved: 2024-07-29T15:50:41.179Z

Link: CVE-2024-42126

Vulnrichment

Updated: 2024-08-02T04:54:32.570Z

NVD

Status : Awaiting Analysis

Published: 2024-07-30T08:15:04.743

Modified: 2024-11-21T09:33:39.437

Link: CVE-2024-42126

Redhat

Severity : Low

Publid Date: 2024-07-30T00:00:00Z

Links: CVE-2024-42126 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42126", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.179Z", "datePublished": "2024-07-30T07:46:23.179Z", "dateUpdated": "2024-12-19T09:13:37.693Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:13:37.693Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.\n\nnmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel\ncrash when invoked during real mode interrupt handling (e.g. early HMI/MCE\ninterrupt handler) if percpu allocation comes from vmalloc area.\n\nEarly HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI()\nwrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when\npercpu allocation is from the embedded first chunk. However with\nCONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu\nallocation can come from the vmalloc area.\n\nWith kernel command line \"percpu_alloc=page\" we can force percpu allocation\nto come from vmalloc area and can see kernel crash in machine_check_early:\n\n[ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110\n[ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0\n[ 1.215719] --- interrupt: 200\n[ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable)\n[ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0\n[ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8\n\nFix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu\nfirst chunk is not embedded."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/powerpc/include/asm/interrupt.h", "arch/powerpc/include/asm/percpu.h", "arch/powerpc/kernel/setup_64.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "fb6675db04c4b79883373edc578d5df7bbc84848", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e2afb26615adf6c3ceaaa7732aa839bcd587a057", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "8d3f83dfb23674540c827a8d65fba20aa300b252", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0f37946c62c48a907625348cbc720a7a0c547d1e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "2c78c9411e685dbc9eac8c2845111b03501975b8", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0db880fc865ffb522141ced4bfa66c12ab1fbb70", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/powerpc/include/asm/interrupt.h", "arch/powerpc/include/asm/percpu.h", "arch/powerpc/kernel/setup_64.c"], "versions": [{"version": "5.10.224", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/fb6675db04c4b79883373edc578d5df7bbc84848"}, {"url": "https://git.kernel.org/stable/c/e2afb26615adf6c3ceaaa7732aa839bcd587a057"}, {"url": "https://git.kernel.org/stable/c/8d3f83dfb23674540c827a8d65fba20aa300b252"}, {"url": "https://git.kernel.org/stable/c/0f37946c62c48a907625348cbc720a7a0c547d1e"}, {"url": "https://git.kernel.org/stable/c/2c78c9411e685dbc9eac8c2845111b03501975b8"}, {"url": "https://git.kernel.org/stable/c/0db880fc865ffb522141ced4bfa66c12ab1fbb70"}], "title": "powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.570Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/8d3f83dfb23674540c827a8d65fba20aa300b252", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0f37946c62c48a907625348cbc720a7a0c547d1e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2c78c9411e685dbc9eac8c2845111b03501975b8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0db880fc865ffb522141ced4bfa66c12ab1fbb70", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42126", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:16:41.546139Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:04.533Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/8d3f83dfb23674540c827a8d65fba20aa300b252", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0f37946c62c48a907625348cbc720a7a0c547d1e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2c78c9411e685dbc9eac8c2845111b03501975b8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0db880fc865ffb522141ced4bfa66c12ab1fbb70", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.570Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42126", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:16:41.546139Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.392Z"}}], "cna": {"title": "powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "fb6675db04c4", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "e2afb26615ad", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "8d3f83dfb236", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0f37946c62c4", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "2c78c9411e68", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0db880fc865f", "versionType": "git"}], "programFiles": ["arch/powerpc/include/asm/interrupt.h", "arch/powerpc/include/asm/percpu.h", "arch/powerpc/kernel/setup_64.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.10.224", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.165", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.98", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.39", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/powerpc/include/asm/interrupt.h", "arch/powerpc/include/asm/percpu.h", "arch/powerpc/kernel/setup_64.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/fb6675db04c4b79883373edc578d5df7bbc84848"}, {"url": "https://git.kernel.org/stable/c/e2afb26615adf6c3ceaaa7732aa839bcd587a057"}, {"url": "https://git.kernel.org/stable/c/8d3f83dfb23674540c827a8d65fba20aa300b252"}, {"url": "https://git.kernel.org/stable/c/0f37946c62c48a907625348cbc720a7a0c547d1e"}, {"url": "https://git.kernel.org/stable/c/2c78c9411e685dbc9eac8c2845111b03501975b8"}, {"url": "https://git.kernel.org/stable/c/0db880fc865ffb522141ced4bfa66c12ab1fbb70"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.\n\nnmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel\ncrash when invoked during real mode interrupt handling (e.g. early HMI/MCE\ninterrupt handler) if percpu allocation comes from vmalloc area.\n\nEarly HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI()\nwrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when\npercpu allocation is from the embedded first chunk. However with\nCONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu\nallocation can come from the vmalloc area.\n\nWith kernel command line \"percpu_alloc=page\" we can force percpu allocation\nto come from vmalloc area and can see kernel crash in machine_check_early:\n\n[ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110\n[ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0\n[ 1.215719] --- interrupt: 200\n[ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable)\n[ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0\n[ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8\n\nFix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu\nfirst chunk is not embedded."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:54.664Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42126", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:37:54.664Z", "dateReserved": "2024-07-29T15:50:41.179Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:46:23.179Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.\n\nnmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel\ncrash when invoked during real mode interrupt handling (e.g. early HMI/MCE\ninterrupt handler) if percpu allocation comes from vmalloc area.\n\nEarly HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI()\nwrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when\npercpu allocation is from the embedded first chunk. However with\nCONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu\nallocation can come from the vmalloc area.\n\nWith kernel command line \"percpu_alloc=page\" we can force percpu allocation\nto come from vmalloc area and can see kernel crash in machine_check_early:\n\n[ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110\n[ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0\n[ 1.215719] --- interrupt: 200\n[ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable)\n[ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0\n[ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8\n\nFix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu\nfirst chunk is not embedded."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc: Evite nmi_enter/nmi_exit en interrupci\u00f3n en modo real. nmi_enter()/nmi_exit() toca variables por CPU que pueden provocar un fallo del kernel cuando se invoca durante el manejo de interrupciones en modo real (por ejemplo, el controlador de interrupciones HMI/MCE temprano) si la asignaci\u00f3n de percpu proviene del \u00e1rea vmalloc. Los primeros controladores HMI/MCE se llaman a trav\u00e9s del contenedor DEFINE_INTERRUPT_HANDLER_NMI() que invoca llamadas nmi_enter/nmi_exit. No vemos ning\u00fan problema cuando la asignaci\u00f3n de percpu proviene del primer fragmento integrado. Sin embargo, con CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK habilitado, hay posibilidades de que la asignaci\u00f3n de percpu pueda provenir del \u00e1rea vmalloc. Con la l\u00ednea de comando del kernel \"percpu_alloc=page\" podemos forzar que la asignaci\u00f3n de percpu provenga del \u00e1rea vmalloc y podemos ver el fallo del kernel en machine_check_early: [1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110 [1.215717] LR [c0000000000461a0] check_early+0xf0/ 0x2c0 [1.215719] --- interrupci\u00f3n: 200 [ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (no confiable) [ 1.215722] [c000000fffd731b0] 000] 0x0 [ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8 Solucionar esto mediante evitando el uso de nmi_enter()/nmi_exit() en modo real si el primer fragmento de percpu no est\u00e1 incrustado."}], "id": "CVE-2024-42126", "lastModified": "2024-11-21T09:33:39.437", "metrics": {}, "published": "2024-07-30T08:15:04.743", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0db880fc865ffb522141ced4bfa66c12ab1fbb70"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0f37946c62c48a907625348cbc720a7a0c547d1e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2c78c9411e685dbc9eac8c2845111b03501975b8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8d3f83dfb23674540c827a8d65fba20aa300b252"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e2afb26615adf6c3ceaaa7732aa839bcd587a057"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fb6675db04c4b79883373edc578d5df7bbc84848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/0db880fc865ffb522141ced4bfa66c12ab1fbb70"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/0f37946c62c48a907625348cbc720a7a0c547d1e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/2c78c9411e685dbc9eac8c2845111b03501975b8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/8d3f83dfb23674540c827a8d65fba20aa300b252"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.", "id": "2301491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301491"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-827", "details": ["In the Linux kernel, the following vulnerability has been resolved:\npowerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.\nnmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel\ncrash when invoked during real mode interrupt handling (e.g. early HMI/MCE\ninterrupt handler) if percpu allocation comes from vmalloc area.\nEarly HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI()\nwrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when\npercpu allocation is from the embedded first chunk. However with\nCONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu\nallocation can come from the vmalloc area.\nWith kernel command line \"percpu_alloc=page\" we can force percpu allocation\nto come from vmalloc area and can see kernel crash in machine_check_early:\n[ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110\n[ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0\n[ 1.215719] --- interrupt: 200\n[ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable)\n[ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0\n[ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8\nFix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu\nfirst chunk is not embedded."], "name": "CVE-2024-42126", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42126\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42126\nhttps://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42126-fdab@gregkh/T"], "threat_severity": "Low"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object