CVE-2021-47429

powerpc/64s: Fix unrecoverable MCE calling async handler from NMI

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

powerpc/64s: Fix unrecoverable MCE calling async handler from NMI

The machine check handler is not considered NMI on 64s. The early
handler is the true NMI handler, and then it schedules the
machine_check_exception handler to run when interrupts are enabled.

This works fine except the case of an unrecoverable MCE, where the true
NMI is taken when MSR[RI] is clear, it can not recover, so it calls
machine_check_exception directly so something might be done about it.

Calling an async handler from NMI context can result in irq state and
other things getting corrupted. This can also trigger the BUG at
arch/powerpc/include/asm/interrupt.h:168
BUG_ON(!arch_irq_disabled_regs(regs) && !(regs->msr & MSR_EE));

Fix this by making an _async version of the handler which is called
in the normal case, and a NMI version that is called for unrecoverable
interrupts.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/64s: corrige un MCE irrecuperable que llama al controlador asíncrono desde NMI. El controlador de verificación de la máquina no se considera NMI en 64s. El controlador inicial es el verdadero controlador NMI y luego programa el controlador machine_check_exception para que se ejecute cuando las interrupciones estén habilitadas. Esto funciona bien excepto en el caso de un MCE irrecuperable, donde el NMI verdadero se toma cuando MSR[RI] está claro, no se puede recuperar, por lo que llama a machine_check_exception directamente para que se pueda hacer algo al respecto. Llamar a un controlador asíncrono desde el contexto NMI puede provocar que el estado irq y otras cosas se corrompan. Esto también puede desencadenar el ERROR en arch/powerpc/include/asm/interrupt.h:168 BUG_ON(!arch_irq_disabled_regs(regs) && !(regs->msr & MSR_EE)); Solucione este problema creando una versión _async del controlador que se llama en el caso normal, y una versión NMI que se llama para interrupciones irrecuperables.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-05-22 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://git.kernel.org/stable/c/2b43dd7653cca47d297756980846ebbfe8887fa1	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d7a8e38999fbd6910516e44cb43f9f4317e54f73	2021-10-13
https://git.kernel.org/stable/c/f08fb25bc66986b0952724530a640d9970fa52c1	2021-10-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.14.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.14.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15"		en		Affected