• CVE-2024-26990

发布时间: 2024年5月28日

修改时间: 2024年6月13日

概要

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvm_mmu_page_ad_need_write_protect() when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU accounts for any role-specific reasons for disabling D-bit dirty logging. Specifically, TDP MMU SPTEs must be write-protected when the TDP MMU is being used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled. KVM always disables PML when running L2, even when L1 and L2 GPAs are in the some domain, so failing to write-protect TDP MMU SPTEs will cause writes made by L2 to not be reflected in the dirty log. [sean: massage shortlog and changelog, tweak ternary op formatting]

CVSS v3 指标

NVD openEuler
Confidentiality None
Attack Vector Local
CVSS评分 N/A 4.0
Attack Complexity High
Privileges Required High
Scope Unchanged
Integrity None
User Interaction None
Availability None

安全公告

公告名 概要 发布时间
KylinSec-SA-2024-2116 In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvm_mmu_page_ad_need_write_protect() when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU accounts for any role-specific reasons for disabling D-bit dirty logging. Specifically, TDP MMU SPTEs must be write-protected when the TDP MMU is being used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled. KVM always disables PML when running L2, even when L1 and L2 GPAs are in the some domain, so failing to write-protect TDP MMU SPTEs will cause writes made by L2 to not be reflected in the dirty log. [sean: massage shortlog and changelog, tweak ternary op formatting] 2024年5月28日

影响产品

产品 状态
KY3.4-4A kernel Unaffected
KY3.4-5 kernel Unaffected
KY3.5.1 kernel Unaffected
KY3.5.2 kernel Unaffected
V6 kernel Unaffected