CVE-2024-55881

{"id": "CVE-2024-55881", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-01-11T13:15:28.197", "references": [{"url": "https://git.kernel.org/stable/c/0840d360a8909c722fb62459f42836afe32ededb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/22b5c2acd65dbe949032f619d4758a35a82fffc3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3d2634ec0d1dbe8f4b511cf5261f327c6a76f4b6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7ed4db315094963de0678a8adfd43c46471b9349", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9b42d1e8e4fe9dc631162c04caa69b0d1860b0f0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Play nice with protected guests in complete_hypercall_exit()\n\nUse is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit\nhypercall when completing said hypercall. For guests with protected state,\ne.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit\nmode as the vCPU state needed to detect 64-bit mode is unavailable.\n\nHacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE\nhypercall via VMGEXIT trips the WARN:\n\n ------------[ cut here ]------------\n WARNING: CPU: 273 PID: 326626 at arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm]\n Modules linked in: kvm_amd kvm ... [last unloaded: kvm]\n CPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test Not tainted 6.12.0-smp--392e932fa0f3-feat #470\n Hardware name: Google Astoria/astoria, BIOS 0.20240617.0-0 06/17/2024\n RIP: 0010:complete_hypercall_exit+0x44/0xe0 [kvm]\n Call Trace:\n <TASK>\n kvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm]\n kvm_vcpu_ioctl+0x54f/0x630 [kvm]\n __se_sys_ioctl+0x6b/0xc0\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n </TASK>\n ---[ end trace 0000000000000000 ]---"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86: Juega bien con invitados protegidos en complete_hypercall_exit() Usa is_64_bit_hypercall() en lugar de is_64_bit_mode() para detectar una hiperllamada de 64 bits al completar dicha hiperllamada. Para invitados con estado protegido, por ejemplo, SEV-ES y SEV-SNP, KVM debe asumir que la hiperllamada se realiz\u00f3 en modo de 64 bits, ya que el estado de vCPU necesario para detectar el modo de 64 bits no est\u00e1 disponible. Al piratear la autoprueba sev_smoke_test para generar una hiperllamada KVM_HC_MAP_GPA_RANGE a trav\u00e9s de VMGEXIT se activa el WARN: ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 273 PID: 326626 en arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm] M\u00f3dulos vinculados en: kvm_amd kvm ... [\u00faltima descarga: kvm] CPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test No contaminado 6.12.0-smp--392e932fa0f3-feat #470 Nombre del hardware: Google Astoria/astoria, BIOS 0.20240617.0-0 17/06/2024 RIP: 0010:completar_hiperllamada_salida+0x44/0xe0 [kvm] Seguimiento de llamadas: kvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm] kvm_vcpu_ioctl+0x54f/0x630 [kvm] __se_sys_ioctl+0x6b/0xc0 do_syscall_64+0x83/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e ---[fin del seguimiento 0000000000000000 ]---"}], "lastModified": "2025-10-16T17:03:08.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4925F4DE-7B8D-4265-870B-13FBADAC02CD", "versionEndExcluding": "5.15.176", "versionStartIncluding": "5.15.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "729E48DC-29FF-4000-B4C7-6AF480586DFF", "versionEndExcluding": "6.1.122", "versionStartIncluding": "5.16.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74BA9823-CCED-4B24-815D-B82543954BF8", "versionEndExcluding": "6.6.68", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "811AC89A-14AC-49FA-9B54-E99526F1CA47", "versionEndExcluding": "6.12.7", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF588A58-013F-4DBF-A3AB-70EC054B1892"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A73429BA-C2D9-4D0C-A75F-06A1CA8B3983"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F621B5E3-E99D-49E7-90B9-EC3B77C95383"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7BFDCAA-1650-49AA-8462-407DD593F94F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EC9882F-866D-4ACB-8FBC-213D8D8436C8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A0915FE-A4AA-4C94-B783-CF29D81E7E54"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EAC2750-F7C6-4A4E-9C04-1E450722B853"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED611C74-E83A-4AFA-8688-9B829C02B038"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}