CVE-2024-36949

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: amd/amdkfd: sincroniza todos los dispositivos para esperar a que se desalojen todos los procesos. Si hay más de un dispositivo reiniciando en paralelo, el primer dispositivo llamará a kfd_suspend_all_processes() para desalojar todos los procesos en todos los dispositivos, esta llamada tarda un tiempo en finalizar. El otro dispositivo comenzará a restablecerse y recuperarse sin esperar. Si el proceso no ha sido desalojado antes de realizar la recuperación, se restaurará y luego provocará un error de página.

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call takes time to finish. other device will start reset and recover without waiting. if the process has not been evicted before doing recover, it will be restored, then caused page fault.

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.