Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2023-52659

Disclosure Date: May 17, 2024 •

CVE-2023-52659

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type

On 64-bit platforms, the pfn_to_kaddr() macro requires that the input
value is 64 bits in order to ensure that valid address bits don’t get
lost when shifting that input by PAGE_SHIFT to calculate the physical
address to provide a virtual address for.

One such example is in pvalidate_pages() (used by SEV-SNP guests), where
the GFN in the struct used for page-state change requests is a 40-bit
bit-field, so attempts to pass this GFN field directly into
pfn_to_kaddr() ends up causing guest crashes when dealing with addresses
above the 1TB range due to the above.

Fix this issue with SEV-SNP guests, as well as any similar cases that
might cause issues in current/future code, by using an inline function,
instead of a macro, so that the input is implicitly cast to the
expected 64-bit input type prior to performing the shift operation.

While it might be argued that the issue is on the caller side, other
archs/macros have taken similar approaches to deal with instances like
this, such as ARM explicitly casting the input to phys_addr_t:

e48866647b48 (“ARM: 8396/1: use phys_addr_t in pfn_to_kaddr()”)

A C inline function is even better though.

[ mingo: Refined the changelog some more & added __always_inline. ]

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2023-52659 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52659)

Miscellaneous

https://git.kernel.org/stable/c/325956b0173f11e98f90462be4829a8b8b0682ce

https://git.kernel.org/stable/c/7e1471888a5e6e846e9b4d306e5327db2b58e64e

https://git.kernel.org/stable/c/814305b5c23cb815ada68d43019f39050472b25f

https://git.kernel.org/stable/c/8e5647a723c49d73b9f108a8bb38e8c29d3948ea

Rapid7

Unknown

CVE-2023-52659

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2023-52659

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2023-52659

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2023-52659

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification