Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-53135

Disclosure Date: December 04, 2024 •

CVE-2024-53135 CVSS v3 Base Score: 6.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

Hide KVM’s pt_mode module param behind CONFIG_BROKEN, i.e. disable support
for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are
myriad bugs in the implementation, some of which are fatal to the guest,
and others which put the stability and health of the host at risk.

For guest fatalities, the most glaring issue is that KVM fails to ensure
tracing is disabled, and stays disabled prior to VM-Enter, which is
necessary as hardware disallows loading (the guest’s) RTIT_CTL if tracing
is enabled (enforced via a VMX consistency check). Per the SDM:

If the logical processor is operating with Intel PT enabled (if
IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the “load
IA32_RTIT_CTL” VM-entry control must be 0.

On the host side, KVM doesn’t validate the guest CPUID configuration
provided by userspace, and even worse, uses the guest configuration to
decide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring
guest CPUID to enumerate more address ranges than are supported in hardware
will result in KVM trying to passthrough, save, and load non-existent MSRs,
which generates a variety of WARNs, ToPA ERRORs in the host, a potential
deadlock, etc.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

Exploitability Score:

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Changed

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

linux

Products

linux kernel,
linux kernel 6.12

References

Canonical

CVE-2024-53135 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135)

Miscellaneous

https://git.kernel.org/stable/c/e6716f4230a8784957273ddd27326264b27b9313

https://git.kernel.org/stable/c/d28b059ee4779b5102c5da6e929762520510e406

https://git.kernel.org/stable/c/b91bb0ce5cd7005b376eac690ec664c1b56372ec

https://git.kernel.org/stable/c/aa0d42cacf093a6fcca872edc954f6f812926a17

https://git.kernel.org/stable/c/c3742319d021f5aa3a0a8c828485fee14753f6de

https://git.kernel.org/stable/c/d4b42f926adcce4e5ec193c714afd9d37bba8e5b

https://git.kernel.org/stable/c/b8a1d572478b6f239061ee9578b2451bf2f021c2

Rapid7

Unknown

CVE-2024-53135

Unknown

Unknown

None

Low

Local

CVE-2024-53135

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-53135

Unknown

Unknown

None

Low

Local

CVE-2024-53135

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification