{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-55881", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-01-09T09:51:32.450Z", "datePublished": "2025-01-11T12:35:44.019Z", "dateUpdated": "2025-01-20T06:22:15.885Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-20T06:22:15.885Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Play nice with protected guests in complete_hypercall_exit()\n\nUse is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit\nhypercall when completing said hypercall. For guests with protected state,\ne.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit\nmode as the vCPU state needed to detect 64-bit mode is unavailable.\n\nHacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE\nhypercall via VMGEXIT trips the WARN:\n\n ------------[ cut here ]------------\n WARNING: CPU: 273 PID: 326626 at arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm]\n Modules linked in: kvm_amd kvm ... [last unloaded: kvm]\n CPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test Not tainted 6.12.0-smp--392e932fa0f3-feat #470\n Hardware name: Google Astoria/astoria, BIOS 0.20240617.0-0 06/17/2024\n RIP: 0010:complete_hypercall_exit+0x44/0xe0 [kvm]\n Call Trace:\n <TASK>\n kvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm]\n kvm_vcpu_ioctl+0x54f/0x630 [kvm]\n __se_sys_ioctl+0x6b/0xc0\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n </TASK>\n ---[ end trace 0000000000000000 ]---"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/kvm/x86.c"], "versions": [{"version": "5969e2435cbd7f0ce8c28d717bfc39987ee8d8f1", "lessThan": "0840d360a8909c722fb62459f42836afe32ededb", "status": "affected", "versionType": "git"}, {"version": "b5aead0064f33ae5e693a364e3204fe1c0ac9af2", "lessThan": "7ed4db315094963de0678a8adfd43c46471b9349", "status": "affected", "versionType": "git"}, {"version": "b5aead0064f33ae5e693a364e3204fe1c0ac9af2", "lessThan": "3d2634ec0d1dbe8f4b511cf5261f327c6a76f4b6", "status": "affected", "versionType": "git"}, {"version": "b5aead0064f33ae5e693a364e3204fe1c0ac9af2", "lessThan": "22b5c2acd65dbe949032f619d4758a35a82fffc3", "status": "affected", "versionType": "git"}, {"version": "b5aead0064f33ae5e693a364e3204fe1c0ac9af2", "lessThan": "9b42d1e8e4fe9dc631162c04caa69b0d1860b0f0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/kvm/x86.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.176", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.122", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.68", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.7", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0840d360a8909c722fb62459f42836afe32ededb"}, {"url": "https://git.kernel.org/stable/c/7ed4db315094963de0678a8adfd43c46471b9349"}, {"url": "https://git.kernel.org/stable/c/3d2634ec0d1dbe8f4b511cf5261f327c6a76f4b6"}, {"url": "https://git.kernel.org/stable/c/22b5c2acd65dbe949032f619d4758a35a82fffc3"}, {"url": "https://git.kernel.org/stable/c/9b42d1e8e4fe9dc631162c04caa69b0d1860b0f0"}], "title": "KVM: x86: Play nice with protected guests in complete_hypercall_exit()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Play nice with protected guests in complete_hypercall_exit()\n\nUse is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit\nhypercall when completing said hypercall. For guests with protected state,\ne.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit\nmode as the vCPU state needed to detect 64-bit mode is unavailable.\n\nHacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE\nhypercall via VMGEXIT trips the WARN:\n\n ------------[ cut here ]------------\n WARNING: CPU: 273 PID: 326626 at arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm]\n Modules linked in: kvm_amd kvm ... [last unloaded: kvm]\n CPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test Not tainted 6.12.0-smp--392e932fa0f3-feat #470\n Hardware name: Google Astoria/astoria, BIOS 0.20240617.0-0 06/17/2024\n RIP: 0010:complete_hypercall_exit+0x44/0xe0 [kvm]\n Call Trace:\n <TASK>\n kvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm]\n kvm_vcpu_ioctl+0x54f/0x630 [kvm]\n __se_sys_ioctl+0x6b/0xc0\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n </TASK>\n ---[ end trace 0000000000000000 ]---"}], "id": "CVE-2024-55881", "lastModified": "2025-01-11T13:15:28.197", "metrics": {}, "published": "2025-01-11T13:15:28.197", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0840d360a8909c722fb62459f42836afe32ededb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/22b5c2acd65dbe949032f619d4758a35a82fffc3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3d2634ec0d1dbe8f4b511cf5261f327c6a76f4b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7ed4db315094963de0678a8adfd43c46471b9349"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9b42d1e8e4fe9dc631162c04caa69b0d1860b0f0"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: KVM: x86: Play nice with protected guests in complete_hypercall_exit()", "id": "2337109", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337109"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nKVM: x86: Play nice with protected guests in complete_hypercall_exit()\nUse is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit\nhypercall when completing said hypercall. For guests with protected state,\ne.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit\nmode as the vCPU state needed to detect 64-bit mode is unavailable.\nHacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE\nhypercall via VMGEXIT trips the WARN:\n------------[ cut here ]------------\nWARNING: CPU: 273 PID: 326626 at arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm]\nModules linked in: kvm_amd kvm ... [last unloaded: kvm]\nCPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test Not tainted 6.12.0-smp--392e932fa0f3-feat #470\nHardware name: Google Astoria/astoria, BIOS 0.20240617.0-0 06/17/2024\nRIP: 0010:complete_hypercall_exit+0x44/0xe0 [kvm]\nCall Trace:\n<TASK>\nkvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm]\nkvm_vcpu_ioctl+0x54f/0x630 [kvm]\n__se_sys_ioctl+0x6b/0xc0\ndo_syscall_64+0x83/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n</TASK>\n---[ end trace 0000000000000000 ]---"], "name": "CVE-2024-55881", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-55881\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-55881\nhttps://lore.kernel.org/linux-cve-announce/2025011145-CVE-2024-55881-ad68@gregkh/T"], "threat_severity": "Low"}