{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-49858", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T12:17:06.016Z", "datePublished": "2024-10-21T12:27:17.308Z", "dateUpdated": "2024-11-05T09:50:12.808Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:50:12.808Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefistub/tpm: Use ACPI reclaim memory for event log to avoid corruption\n\nThe TPM event log table is a Linux specific construct, where the data\nproduced by the GetEventLog() boot service is cached in memory, and\npassed on to the OS using an EFI configuration table.\n\nThe use of EFI_LOADER_DATA here results in the region being left\nunreserved in the E820 memory map constructed by the EFI stub, and this\nis the memory description that is passed on to the incoming kernel by\nkexec, which is therefore unaware that the region should be reserved.\n\nEven though the utility of the TPM2 event log after a kexec is\nquestionable, any corruption might send the parsing code off into the\nweeds and crash the kernel. So let's use EFI_ACPI_RECLAIM_MEMORY\ninstead, which is always treated as reserved by the E820 conversion\nlogic."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/efi/libstub/tpm.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "f76b69ab9cf0", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "11690d7e7684", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "5b22c038fb27", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "19fd2f2c5fb3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "38d9b07d99b7", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "2e6871a632a9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "77d48d39e991", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/efi/libstub/tpm.c"], "versions": [{"version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.54", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.13", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.2", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f76b69ab9cf04358266e3cea5748c0c2791fbb08"}, {"url": "https://git.kernel.org/stable/c/11690d7e76842f29b60fbb5b35bc97d206ea0e83"}, {"url": "https://git.kernel.org/stable/c/5b22c038fb2757c652642933de5664da471f8cb7"}, {"url": "https://git.kernel.org/stable/c/19fd2f2c5fb36b61506d3208474bfd8fdf1cada3"}, {"url": "https://git.kernel.org/stable/c/38d9b07d99b789efb6d8dda21f1aaad636c38993"}, {"url": "https://git.kernel.org/stable/c/2e6871a632a99d9b9e2ce3a7847acabe99e5a26e"}, {"url": "https://git.kernel.org/stable/c/77d48d39e99170b528e4f2e9fc5d1d64cdedd386"}], "title": "efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49858", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T12:56:02.250795Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T13:04:10.785Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49858", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T12:56:02.250795Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T12:56:05.359Z"}}], "cna": {"title": "efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "f76b69ab9cf0", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "11690d7e7684", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "5b22c038fb27", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "19fd2f2c5fb3", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "38d9b07d99b7", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "2e6871a632a9", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "77d48d39e991", "versionType": "git"}], "programFiles": ["drivers/firmware/efi/libstub/tpm.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.10.227", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.168", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.113", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.54", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.13", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.2", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12-rc1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/firmware/efi/libstub/tpm.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f76b69ab9cf04358266e3cea5748c0c2791fbb08"}, {"url": "https://git.kernel.org/stable/c/11690d7e76842f29b60fbb5b35bc97d206ea0e83"}, {"url": "https://git.kernel.org/stable/c/5b22c038fb2757c652642933de5664da471f8cb7"}, {"url": "https://git.kernel.org/stable/c/19fd2f2c5fb36b61506d3208474bfd8fdf1cada3"}, {"url": "https://git.kernel.org/stable/c/38d9b07d99b789efb6d8dda21f1aaad636c38993"}, {"url": "https://git.kernel.org/stable/c/2e6871a632a99d9b9e2ce3a7847acabe99e5a26e"}, {"url": "https://git.kernel.org/stable/c/77d48d39e99170b528e4f2e9fc5d1d64cdedd386"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefistub/tpm: Use ACPI reclaim memory for event log to avoid corruption\n\nThe TPM event log table is a Linux specific construct, where the data\nproduced by the GetEventLog() boot service is cached in memory, and\npassed on to the OS using an EFI configuration table.\n\nThe use of EFI_LOADER_DATA here results in the region being left\nunreserved in the E820 memory map constructed by the EFI stub, and this\nis the memory description that is passed on to the incoming kernel by\nkexec, which is therefore unaware that the region should be reserved.\n\nEven though the utility of the TPM2 event log after a kexec is\nquestionable, any corruption might send the parsing code off into the\nweeds and crash the kernel. So let's use EFI_ACPI_RECLAIM_MEMORY\ninstead, which is always treated as reserved by the E820 conversion\nlogic."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:50:12.808Z"}}}, "cveMetadata": {"cveId": "CVE-2024-49858", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:50:12.808Z", "dateReserved": "2024-10-21T12:17:06.016Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T12:27:17.308Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB525A44-6338-4857-AD90-EA2860D1AD1F", "versionEndExcluding": "5.10.227", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976", "versionEndExcluding": "6.6.54", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE", "versionEndExcluding": "6.10.13", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181", "versionEndExcluding": "6.11.2", "versionStartIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefistub/tpm: Use ACPI reclaim memory for event log to avoid corruption\n\nThe TPM event log table is a Linux specific construct, where the data\nproduced by the GetEventLog() boot service is cached in memory, and\npassed on to the OS using an EFI configuration table.\n\nThe use of EFI_LOADER_DATA here results in the region being left\nunreserved in the E820 memory map constructed by the EFI stub, and this\nis the memory description that is passed on to the incoming kernel by\nkexec, which is therefore unaware that the region should be reserved.\n\nEven though the utility of the TPM2 event log after a kexec is\nquestionable, any corruption might send the parsing code off into the\nweeds and crash the kernel. So let's use EFI_ACPI_RECLAIM_MEMORY\ninstead, which is always treated as reserved by the E820 conversion\nlogic."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efistub/tpm: Utilizar la memoria de recuperaci\u00f3n ACPI para el registro de eventos para evitar la corrupci\u00f3n La tabla de registro de eventos TPM es una construcci\u00f3n espec\u00edfica de Linux, donde los datos producidos por el servicio de arranque GetEventLog() se almacenan en cach\u00e9 en la memoria y se pasan al sistema operativo mediante una tabla de configuraci\u00f3n EFI. El uso de EFI_LOADER_DATA aqu\u00ed da como resultado que la regi\u00f3n quede sin reservar en el mapa de memoria E820 construido por el stub EFI, y esta es la descripci\u00f3n de memoria que se pasa al kernel entrante por kexec, que por lo tanto no sabe que la regi\u00f3n debe reservarse. Aunque la utilidad del registro de eventos TPM2 despu\u00e9s de un kexec es cuestionable, cualquier corrupci\u00f3n podr\u00eda enviar el c\u00f3digo de an\u00e1lisis a la maleza y bloquear el kernel. As\u00ed que usemos EFI_ACPI_RECLAIM_MEMORY en su lugar, que siempre se trata como reservado por la l\u00f3gica de conversi\u00f3n E820."}], "id": "CVE-2024-49858", "lastModified": "2024-10-23T16:35:10.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T13:15:06.543", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/11690d7e76842f29b60fbb5b35bc97d206ea0e83"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/19fd2f2c5fb36b61506d3208474bfd8fdf1cada3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2e6871a632a99d9b9e2ce3a7847acabe99e5a26e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/38d9b07d99b789efb6d8dda21f1aaad636c38993"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5b22c038fb2757c652642933de5664da471f8cb7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/77d48d39e99170b528e4f2e9fc5d1d64cdedd386"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f76b69ab9cf04358266e3cea5748c0c2791fbb08"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption", "id": "2320204", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320204"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nefistub/tpm: Use ACPI reclaim memory for event log to avoid corruption\nThe TPM event log table is a Linux specific construct, where the data\nproduced by the GetEventLog() boot service is cached in memory, and\npassed on to the OS using an EFI configuration table.\nThe use of EFI_LOADER_DATA here results in the region being left\nunreserved in the E820 memory map constructed by the EFI stub, and this\nis the memory description that is passed on to the incoming kernel by\nkexec, which is therefore unaware that the region should be reserved.\nEven though the utility of the TPM2 event log after a kexec is\nquestionable, any corruption might send the parsing code off into the\nweeds and crash the kernel. So let's use EFI_ACPI_RECLAIM_MEMORY\ninstead, which is always treated as reserved by the E820 conversion\nlogic."], "name": "CVE-2024-49858", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-49858\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-49858\nhttps://lore.kernel.org/linux-cve-announce/2024102123-CVE-2024-49858-b7c4@gregkh/T"], "threat_severity": "Moderate"}