CVE-2024-46864: Linux Kernel x86/hyperv Vulnerability Resolved - Fix for Kexec Crash Due to VP Assist Page Corruption

In the Linux kernel, there has been an important vulnerability resolution involving the x86/hyperv module. The vulnerability, dubbed CVE-2024-46864, deals with preventing a kexec crash that occurs due to the corruption of the VP assist page. This vulnerability resolution has been implemented in the latest Linux kernel source code, making systems less prone to such crashes and improving overall stability. In this post, we will examine the changes made, the potential impact of this issue, and the original references for better understanding.

The Vulnerability

The x86/hyperv module is a part of the Linux kernel that deals with Microsoft Hyper-V hypervisor support for x86 systems. A hypervisor is a low-level software component that enables the creation, management, and execution of virtual machines on a single physical host. In this case, the Linux kernel provides support for Hyper-V to enable smooth execution of virtual machines on Microsoft's virtualization platform.

The issue here involves the handling of CPU online and offline events with respect to Hyper-V. In particular, the commit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") introduced a new cpuhp state for Hyper-V initialization. However, an unintended side effect of this change was that the VP assist page would not be reset during system shutdown if a kexec kernel were to be used.

As a result, when a kexec kernel tries to set up the VP assist page again, Microsoft's Hyper-V hypervisor corrupts the memory region of the old VP assist page. This leads to a panic situation in case the kexec kernel is using that memory elsewhere. The vulnerability was initially fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec panic/hang issues").

To resolve this issue, the Linux kernel developers made the following changes

- Get rid of hyperv_init_cpuhp entirely since we are no longer using a
  dynamic cpuhp state.
- Use CPUHP_AP_HYPERV_ONLINE directly with cpuhp_remove_state().

These changes have ensured that the proper cleanup is now performed when the system is shutting down or undergoing a kexec operation. As a result, this prevents potential memory corruption and crashes related to the VP assist page.

Original References

1. Linux Kernel Git commit 9636be85cc5b: x86/hyperv Fix hyperv_pcpu_input_arg handling when CPUs go online/offline
2. Linux Kernel Git commit dfe94d4086e4: x86/hyperv Fix kexec panic/hang issues

Exploit Details

Although there have been no known public exploits targeting this specific vulnerability, it does highlight the importance of keeping your system up to date with the latest Linux kernel updates and patches. This ensures not only that your system remains secure but also that it performs at its best.

In conclusion, the resolution of CVE-2024-46864 is an important improvement in the Linux kernel's overall stability and reliability in systems utilizing Microsoft Hyper-V hypervisor support. The changes made efficiently prevent the kexec crash due to VP assist page corruption and ensure a more stable and secure system. It is essential to update your Linux kernel to the latest version available, which includes this resolution.

Timeline

Published on: 09/27/2024 13:15:17 UTC
Last modified on: 12/19/2024 09:24:59 UTC