CVE-2024-53196

Published: Dic 27, 2024 Last Modified: Nov 03, 2025 EU-VD ID: EUVD-2024-51868

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,5

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Don't retire aborted MMIO instruction

Returning an abort to the guest for an unsupported MMIO access is a
documented feature of the KVM UAPI. Nevertheless, it's clear that this
plumbing has seen limited testing, since userspace can trivially cause a
WARN in the MMIO return:

WARNING: CPU: 0 PID: 30558 at arch/arm64/include/asm/kvm_emulate.h:536 kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536
Call trace:
kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536
kvm_arch_vcpu_ioctl_run+0x98/0x15b4 arch/arm64/kvm/arm.c:1133
kvm_vcpu_ioctl+0x75c/0xa78 virt/kvm/kvm_main.c:4487
__do_sys_ioctl fs/ioctl.c:51 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:893
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x1e0/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x38/0x68 arch/arm64/kernel/entry-common.c:712
el0t_64_sync_handler+0x90/0xfc arch/arm64/kernel/entry-common.c:730
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

The splat is complaining that KVM is advancing PC while an exception is
pending, i.e. that KVM is retiring the MMIO instruction despite a
pending synchronous external abort. Womp womp.

Fix the glaring UAPI bug by skipping over all the MMIO emulation in
case there is a pending synchronous exception. Note that while userspace
is capable of pending an asynchronous exception (SError, IRQ, or FIQ),
it is still safe to retire the MMIO instruction in this case as (1) they
are by definition asynchronous, and (2) KVM relies on hardware support
for pending/delivering these exceptions instead of the software state
machine for advancing PC.

AI Generated Translation

Nel kernel Linux, è stata risolta la seguente vulnerabilità:

KVM: arm64: Non ritirare istruzione MMIO abortita

Restituire un abort al guest per un accesso MMIO non supportato è una funzionalità documentata dell'API UAPI di KVM. Tuttavia, è evidente che questa gestione ha subito test limitati, poiché lo spazio utente può facilmente causare un WARN nel ritorno MMIO:

Il problema è che il sistema segnala che KVM sta avanzando il PC mentre un'eccezione è in sospeso, ovvero che KVM sta ritirando l'istruzione MMIO nonostante ci sia un abort esterno sincrono in sospeso. Womp womp.

Risolve il bug evidente dell'API UAPI saltando tutta l'emulazione MMIO nel caso ci sia un'eccezione sincrona in sospeso. Si noti che, mentre lo spazio utente può generare un'eccezione asincrona (SError, IRQ o FIQ), è comunque sicuro ritirare l'istruzione MMIO in questo caso poiché (1) sono per definizione asincrone, e (2) KVM si affida al supporto hardware per la gestione e la consegna di queste eccezioni invece che alla macchina a stati software per l'avanzamento del PC.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0004

Percentile

0,1th

Updated

EPSS Score Trend (Last 90 Days)

Operating System

Linux Kernel by Linux

Product Information

Vendor Linux

Product Linux Kernel

Version Range Affected

From 6.7 (inclusive)

To 6.11.11 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Linux Kernel by Linux

Product Information

Vendor Linux

Product Linux Kernel

Version Range Affected

From 6.2 (inclusive)

To 6.6.66 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Linux Kernel by Linux

Product Information

Vendor Linux

Product Linux Kernel

Version Range Affected

From 5.5 (inclusive)

To 6.1.120 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Linux Kernel by Linux

Product Information

Vendor Linux

Product Linux Kernel

Version Range Affected

From 6.12 (inclusive)

To 6.12.2 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://git.kernel.org/stable/c/1e46460efe1ef9a31748de7675f…

https://git.kernel.org/stable/c/1e46460efe1ef9a31748de7675ff8fe0d8601af2

https://git.kernel.org/stable/c/6af853cf5f897d55f42e9166f4d…

https://git.kernel.org/stable/c/6af853cf5f897d55f42e9166f4db50e84e404fb3

https://git.kernel.org/stable/c/d0571c3add987bcb69c2ffd7a70…

https://git.kernel.org/stable/c/d0571c3add987bcb69c2ffd7a70c998bf8ce60fb

https://git.kernel.org/stable/c/e735a5da64420a86be370b216c2…

https://git.kernel.org/stable/c/e735a5da64420a86be370b216c269b5dd8e830e2

https://git.kernel.org/stable/c/ea6b5d98fea4ee8cb443ea98fda…

https://git.kernel.org/stable/c/ea6b5d98fea4ee8cb443ea98fda520909e90d30e

https://lists.debian.org/debian-lts-announce/2025/03/msg000…

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

CVE-2024-53196

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Linux Kernel by Linux

Product Information

Linux Kernel by Linux

Product Information

Linux Kernel by Linux

Product Information

Linux Kernel by Linux

Product Information

Iscriviti alla newsletter