发布时间: 2024年5月27日
修改时间: 2024年5月27日
In the Linux kernel, the following vulnerability has been resolved:nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assertAfter commit 5b78ed24e8ec ( mm/pagemap: add mmap_assert_locked()annotations to find_vma*() ), the call to get_user_pages() will triggerthe mmap assert.static inline void mmap_assert_locked(struct mm_struct *mm){ lockdep_assert_held(&mm->mmap_lock); VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm);}[ 62.521410] kernel BUG at include/linux/mmap_lock.h:156!...........................................................[ 62.538938] RIP: 0010:find_vma+0x32/0x80...........................................................[ 62.605889] Call Trace:[ 62.608502] <TASK>[ 62.610956] ? lock_timer_base+0x61/0x80[ 62.614106] find_extend_vma+0x19/0x80[ 62.617195] __get_user_pages+0x9b/0x6a0[ 62.620356] __gup_longterm_locked+0x42d/0x450[ 62.623721] ? finish_wait+0x41/0x80[ 62.626748] ? __kmalloc+0x178/0x2f0[ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves][ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves][ 62.639541] __x64_sys_ioctl+0x82/0xb0[ 62.642620] do_syscall_64+0x3b/0x90[ 62.645642] entry_SYSCALL_64_after_hwframe+0x44/0xaeUse get_user_pages_unlocked() when setting the enclave memory regions.That s a similar pattern as mmap_read_lock() used together withget_user_pages().
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 5.5 | 2.3 |
| Attack Vector | Local | Local |
| Attack Complexity | Low | Low |
| Privileges Required | Low | High |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | None | None |
| Integrity | None | None |
| Availability | High | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-2258 | In the Linux kernel, the following vulnerability has been resolved:nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assertAfter commit 5b78ed24e8ec ( mm/pagemap: add mmap_assert_locked()annotations to find_vma*() ), the call to get_user_pages() will triggerthe mmap assert.static inline void mmap_assert_locked(struct mm_struct *mm){ lockdep_assert_held(&mm->mmap_lock); VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm);}[ 62.521410] kernel BUG at include/linux/mmap_lock.h:156!...........................................................[ 62.538938] RIP: 0010:find_vma+0x32/0x80...........................................................[ 62.605889] Call Trace:[ 62.608502] <TASK>[ 62.610956] ? lock_timer_base+0x61/0x80[ 62.614106] find_extend_vma+0x19/0x80[ 62.617195] __get_user_pages+0x9b/0x6a0[ 62.620356] __gup_longterm_locked+0x42d/0x450[ 62.623721] ? finish_wait+0x41/0x80[ 62.626748] ? __kmalloc+0x178/0x2f0[ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves][ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves][ 62.639541] __x64_sys_ioctl+0x82/0xb0[ 62.642620] do_syscall_64+0x3b/0x90[ 62.645642] entry_SYSCALL_64_after_hwframe+0x44/0xaeUse get_user_pages_unlocked() when setting the enclave memory regions.That s a similar pattern as mmap_read_lock() used together withget_user_pages(). | 2024年5月27日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | kernel | Unaffected |
| KY3.4-5 | kernel | Unaffected |
| KY3.5.1 | kernel | Unaffected |
| KY3.5.2 | kernel | Unaffected |
