CVE-2024-42230: Resolving Linux Kernel Vulnerability in PowerPC/pseries - Fixing scv Instruction Crash with Kexec

A vulnerability has been identified and fixed in the Linux kernel's powerpc/pseries platform code: a kernel crash triggered by the scv (system call vectored) instruction while a pseries system is going through kexec. This article covers the cause of the bug, the fix, and the relevant code.

The Vulnerability

During kexec on a pseries platform, the kernel disabled AIL (Alternate Interrupt Location, exposed as reloc_on_exc) before the other CPUs had been shut down. AIL is required for scv support, so a CPU that was still online could execute an scv instruction after AIL had been turned off. That interrupt then arrived at an entry location the kernel does not handle, and the kernel crashed.

The Solution

The fix reorders the kexec sequence so that AIL is disabled only after the other CPUs have been brought down. With no other CPU left running, nothing can execute an scv instruction once AIL is off, and the crash can no longer occur.

Code Snippet

The corrected ordering, shown here as illustrative pseudocode rather than the text of the kernel patch:

/* Bring the other CPUs down first, then disable AIL (reloc_on_exc) */
shutdown_other_cpus();
disable_ail();
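To make the ordering concrete, the following is an added example and is not part of the original article or of the kernel patch: a small constructed C model in which each thread stands in for a secondary CPU, an atomic flag stands in for the AIL (reloc_on_exc) mode, and an scv executed while that flag is off is counted as an interrupt arriving at the unhandled real-mode vector. The names run_kexec_model, secondary_cpu, ail_enabled, go and unexpected_entries are inventions of this example. With the old order it reports one unexpected entry per secondary CPU; with the fixed order it reports none.

```c
/* Constructed model of the kexec CPU-shutdown ordering bug behind
 * CVE-2024-42230. Added example, not kernel code: each thread models a
 * secondary CPU and a flag models the AIL (reloc_on_exc) mode. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define NUM_SECONDARY_CPUS 3

static atomic_int ail_enabled;        /* reloc_on_exc on: scv is usable   */
static atomic_int go;                 /* boot CPU releases the secondaries */
static atomic_int unexpected_entries; /* scv taken with AIL off            */

/* One modelled secondary CPU: it issues a single scv system call while it
 * is still online. With AIL off, the real scv interrupt would land at the
 * real-mode vector 0x17000, for which the kernel has no handler; the model
 * counts that as an unexpected entry instead of crashing. */
static void *secondary_cpu(void *arg)
{
    (void)arg;
    while (!atomic_load(&go))
        ;   /* spin until the boot CPU lets us run */
    if (!atomic_load(&ail_enabled))
        atomic_fetch_add(&unexpected_entries, 1);
    return NULL;
}

/* Run the modelled kexec sequence. ail_before_cpu_down = 1 is the old
 * order (disable AIL, then bring the CPUs down); 0 is the fixed order.
 * Returns how many secondary CPUs took an scv interrupt with AIL disabled,
 * or -1 if a thread could not be created. */
int run_kexec_model(int ail_before_cpu_down)
{
    pthread_t cpus[NUM_SECONDARY_CPUS];

    atomic_store(&ail_enabled, 1);
    atomic_store(&go, 0);
    atomic_store(&unexpected_entries, 0);

    for (int i = 0; i < NUM_SECONDARY_CPUS; i++)
        if (pthread_create(&cpus[i], NULL, secondary_cpu, NULL) != 0)
            return -1;

    if (ail_before_cpu_down)
        atomic_store(&ail_enabled, 0);  /* old order: secondaries still online */

    atomic_store(&go, 1);               /* secondaries run their last syscall */
    for (int i = 0; i < NUM_SECONDARY_CPUS; i++)
        pthread_join(cpus[i], NULL);    /* per-CPU shutdown: all secondaries down */

    if (!ail_before_cpu_down)
        atomic_store(&ail_enabled, 0);  /* fixed order: nobody left to run scv */

    return atomic_load(&unexpected_entries);
}

int main(void)
{
    printf("old order (AIL off before CPUs down): %d unexpected entries\n",
           run_kexec_model(1));
    printf("fixed order (CPUs down, then AIL off): %d unexpected entries\n",
           run_kexec_model(0));
    return 0;
}
```

Build with `cc -pthread model.c`. The start flag sequentialises the model so the result is deterministic; on real hardware the same defect is a race, and how often it fired depended on whether any online CPU happened to be in an scv system call in the window between AIL being disabled and that CPU being shut down.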

Reference to Original Linux Kernel Patch

The complete patch, as submitted and accepted, is in the Linux kernel repository.

Further Information on the scv Interrupt

For context, the real-mode scv interrupt vector is at 0x17000. Supporting such a high fixed address in the head code would have been awkward, so the kernel deliberately does not implement a real-mode handler for that interrupt at all; scv is only usable while AIL is enabled. The patch resolves the kexec case by making sure no CPU can still execute scv once AIL has been disabled.

Exploit Details

No exploits in the wild are known. The impact is a denial of service: the kernel crashes during a kexec transition. Initiating a kexec requires CAP_SYS_BOOT, so an unprivileged local user cannot trigger the crash on demand; in practice the bug shows up as a failed kexec reboot on affected pseries systems. Updating to a kernel that carries the fix is still the right course of action.

In summary, CVE-2024-42230 covers a kexec crash on powerpc/pseries platforms in the Linux kernel. It has been resolved by reordering the kexec sequence so that AIL is disabled only after the other CPUs have been brought down. Users of affected systems should update to a patched kernel.

Timeline

Published on: 07/30/2024 08:15:08 UTC
Last modified on: 07/30/2024 19:32:51 UTC