CVE-2024-26992— Linux kernel 安全漏洞
影响版本矩阵 10
| 厂商 | 产品 | 版本范围 | 状态 |
|---|---|---|---|
| Linux | Linux | c59a1f106f5cd4843c097069ff1bb2ad72103a67< 0fb74c00d140a66128afc0003785dcc57e69d312 | affected |
c59a1f106f5cd4843c097069ff1bb2ad72103a67< 037e48ceccf163899374b601afb6ae8d0bf1d2ac | affected | ||
c59a1f106f5cd4843c097069ff1bb2ad72103a67< 7a7650b3ac23e5fc8c990f00e94f787dc84e3175 | affected | ||
c59a1f106f5cd4843c097069ff1bb2ad72103a67< 9e985cbf2942a1bb8fcef9adc2a17d90fd7ca8ee | affected | ||
6.0 | affected | ||
< 6.0 | unaffected | ||
6.1.88≤ 6.1.* | unaffected | ||
6.6.29≤ 6.6.* | unaffected | ||
| … +2 条更多 | |||
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2024-26992 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
KVM: x86/pmu: Disable support for adaptive PEBS
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS, as KVM's implementation is architecturally broken without an obvious/easy path forward, and because exposing adaptive PEBS can leak host LBRs to the guest, i.e. can leak host kernel addresses to the guest. Bug #1 is that KVM doesn't account for the upper 32 bits of IA32_FIXED_CTR_CTRL when (re)programming fixed counters, e.g fixed_ctrl_field() drops the upper bits, reprogram_fixed_counters() stores local variables as u8s and truncates the upper bits too, etc. Bug #2 is that, because KVM _always_ sets precise_ip to a non-zero value for PEBS events, perf will _always_ generate an adaptive record, even if the guest requested a basic record. Note, KVM will also enable adaptive PEBS in individual *counter*, even if adaptive PEBS isn't exposed to the guest, but this is benign as MSR_PEBS_DATA_CFG is guaranteed to be zero, i.e. the guest will only ever see Basic records. Bug #3 is in perf. intel_pmu_disable_fixed() doesn't clear the upper bits either, i.e. leaves ICL_FIXED_0_ADAPTIVE set, and intel_pmu_enable_fixed() effectively doesn't clear ICL_FIXED_0_ADAPTIVE either. I.e. perf _always_ enables ADAPTIVE counters, regardless of what KVM requests. Bug #4 is that adaptive PEBS *might* effectively bypass event filters set by the host, as "Updated Memory Access Info Group" records information that might be disallowed by userspace via KVM_SET_PMU_EVENT_FILTER. Bug #5 is that KVM doesn't ensure LBR MSRs hold guest values (or at least zeros) when entering a vCPU with adaptive PEBS, which allows the guest to read host LBRs, i.e. host RIPs/addresses, by enabling "LBR Entries" records. Disable adaptive PEBS support as an immediate fix due to the severity of the LBR leak in particular, and because fixing all of the bugs will be non-trivial, e.g. not suitable for backporting to stable kernels. Note! This will break live migration, but trying to make KVM play nice with live migration would be quite complicated, wouldn't be guaranteed to work (i.e. KVM might still kill/confuse the guest), and it's not clear that there are any publicly available VMMs that support adaptive PEBS, let alone live migrate VMs that support adaptive PEBS, e.g. QEMU doesn't support PEBS in any capacity.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于LBR 泄漏。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
二、漏洞 CVE-2024-26992 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2024-26992 的情报信息
请登录查看更多情报信息。
CVE-2024-26992 邮件列表归档 (3)
CVE-2024-26992 其他参考 (4)
同批安全公告 · Linux · 2024-05-01 · 共 159 条
| CVE-2024-27038 | Linux kernel 安全漏洞 | |
| CVE-2024-27029 | Linux kernel 安全漏洞 | |
| CVE-2024-27030 | Linux kernel 安全漏洞 | |
| CVE-2024-27031 | Linux kernel 安全漏洞 | |
| CVE-2024-27032 | Linux kernel 安全漏洞 | |
| CVE-2024-27033 | Linux kernel 安全漏洞 | |
| CVE-2024-27034 | Linux kernel 安全漏洞 | |
| CVE-2024-27035 | Linux kernel 安全漏洞 | |
| CVE-2024-27036 | Linux kernel 安全漏洞 | |
| CVE-2024-27037 | Linux kernel 安全漏洞 | |
| CVE-2024-27044 | Linux kernel 安全漏洞 | |
| CVE-2024-27048 | Linux kernel 安全漏洞 | |
| CVE-2024-27047 | Linux kernel 安全漏洞 | |
| CVE-2024-27046 | Linux kernel 安全漏洞 | |
| CVE-2024-27045 | Linux kernel 安全漏洞 | |
| CVE-2024-27041 | Linux kernel 安全漏洞 | |
| CVE-2024-27039 | Linux kernel 安全漏洞 | |
| CVE-2024-27040 | Linux kernel 安全漏洞 | |
| CVE-2024-27028 | Linux kernel 安全漏洞 | |
| CVE-2024-27043 | Linux kernel 安全漏洞 |
显示前 20 条,共 159 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2024-26992
暂无评论