{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46707", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.252Z", "datePublished": "2024-09-13T06:27:33.709Z", "dateUpdated": "2024-09-15T17:58:06.399Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:58:06.399Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm64/kvm/sys_regs.c", "arch/arm64/kvm/vgic/vgic.h"], "versions": [{"version": "1da177e4c3f4", "lessThan": "15818af2f7aa", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "96b076e8ee5b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "94d4fbad01b1", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "9d7629bec5c3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "2073132f6ed3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "3e6245ebe7ef", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm64/kvm/sys_regs.c", "arch/arm64/kvm/vgic/vgic.h"], "versions": [{"version": "5.10.225", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.166", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.107", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.48", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10.7", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef"}, {"url": "https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1"}, {"url": "https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d"}, {"url": "https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92"}, {"url": "https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc"}, {"url": "https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f"}], "title": "KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F0D241D-4DAA-47F2-A87F-FBB28B3DA898", "versionEndExcluding": "5.10.225", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "913ED6CD-8ACF-48AF-AA18-7880881DD402", "versionEndExcluding": "5.15.166", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "53954FF8-CB48-4302-BC4C-9DA7A88F44A2", "versionEndExcluding": "6.1.107", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DE9201A-CE6B-4726-BABB-8265EA0F8AE4", "versionEndExcluding": "6.6.48", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2AFDFD1-D95A-4EB7-843B-5E7659518B67", "versionEndExcluding": "6.10.7", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: arm64: Hacer que ICC_*SGI*_EL1 no est\u00e9 definido en ausencia de un vGICv3 En un sistema con un GICv3, si un invitado no se ha configurado con GICv3 y el host no es capaz de emular GICv2, una escritura en cualquiera de los registros ICC_*SGI*_EL1 se atrapa en EL2. Por lo tanto, intentamos emular el acceso a SGI, solo para encontrar un puntero NULL ya que no se asigna ninguna interrupci\u00f3n privada (no hay GIC, \u00bfrecuerdas?). La soluci\u00f3n obvia es darle al invitado lo que se merece, en forma de una excepci\u00f3n UNDEF."}], "id": "CVE-2024-46707", "lastModified": "2024-09-19T13:29:46.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-13T07:15:05.643", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3", "id": "2312104", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312104"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception."], "name": "CVE-2024-46707", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46707\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46707\nhttps://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46707-9e4f@gregkh/T"], "threat_severity": "Low"}