CVE-2024-38543

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: lib/test_hmm.c: maneja el error de asignación de src_pfns y dst_pfns El kcalloc() en dmirror_device_evict_chunk() devolverá nulo si la memoria física se ha agotado. Como resultado, si se desreferencia src_pfns o dst_pfns, se producirá el error de desreferencia del puntero nulo. Además, el dispositivo va a desaparecer. Si kcalloc() falla, las páginas que asignan un fragmento no podrán ser desalojadas. Entonces agregue una bandera __GFP_NOFAIL en kcalloc(). Finalmente, como no es necesario tener memoria físicamente contigua, cambie kcalloc() a kvcalloc() para evitar asignaciones fallidas.

In the Linux kernel, the following vulnerability has been resolved: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure The kcalloc() in dmirror_device_evict_chunk() will return null if the physical memory has run out. As a result, if src_pfns or dst_pfns is dereferenced, the null pointer dereference bug will happen. Moreover, the device is going away. If the kcalloc() fails, the pages mapping a chunk could not be evicted. So add a __GFP_NOFAIL flag in kcalloc(). Finally, as there is no need to have physically contiguous memory, Switch kcalloc() to kvcalloc() in order to avoid failing allocations.

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.