跳转到帖子

Ubuntu: (CVE-2023-52568): linux vulnerability

recommended_posts

发布于
  • Members

Ubuntu: (CVE-2023-52568): linux vulnerability

Severity
4
CVSS
(AV:L/AC:M/Au:S/C:N/I:N/A:C)
Published
03/02/2024
Created
11/21/2024
Added
11/19/2024
Modified
01/28/2025

Description

In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race The SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for an enclave and set secs.epc_page to NULL. The SECS page is used for EAUG and ELDU in the SGX page fault handler. However, the NULL check for secs.epc_page is only done for ELDU, not EAUG before being used. Fix this by doing the same NULL check and reloading of the SECS page as needed for both EAUG and ELDU. The SECS page holds global enclave metadata. It can only be reclaimed when there are no other enclave pages remaining. At that point, virtually nothing can be done with the enclave until the SECS page is paged back in. An enclave can not run nor generate page faults without a resident SECS page. But it is still possible for a #PF for a non-SECS page to race with paging out the SECS page: when the last resident non-SECS page A triggers a #PF in a non-resident page B, and then page A and the SECS both are paged out before the #PF on B is handled. Hitting this bug requires that race triggered with a #PF for EAUG. Following is a trace when it happens. BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: 0010:sgx_encl_eaug_page+0xc7/0x210 Call Trace: ? __kmem_cache_alloc_node+0x16a/0x440 ? xa_load+0x6e/0xa0 sgx_vma_fault+0x119/0x230 __do_fault+0x36/0x140 do_fault+0x12f/0x400 __handle_mm_fault+0x728/0x1110 handle_mm_fault+0x105/0x310 do_user_addr_fault+0x1ee/0x750 ? __this_cpu_preempt_check+0x13/0x20 exc_page_fault+0x76/0x180 asm_exc_page_fault+0x27/0x30

Solution(s)

  • ubuntu-upgrade-linux
  • ubuntu-upgrade-linux-aws
  • ubuntu-upgrade-linux-gcp
  • ubuntu-upgrade-linux-gcp-6-5
  • ubuntu-upgrade-linux-hwe-6-5
  • ubuntu-upgrade-linux-laptop
  • ubuntu-upgrade-linux-lowlatency
  • ubuntu-upgrade-linux-lowlatency-hwe-6-5
  • ubuntu-upgrade-linux-nvidia-6-5
  • ubuntu-upgrade-linux-oem-6-5
  • ubuntu-upgrade-linux-oracle
  • ubuntu-upgrade-linux-oracle-6-5
  • ubuntu-upgrade-linux-raspi
  • ubuntu-upgrade-linux-riscv
  • ubuntu-upgrade-linux-starfive

References

  • https://attackerkb.com/topics/cve-2023-52568
  • CVE - 2023-52568
  • https://git.kernel.org/linus/c6c2adcba50c2622ed25ba5d5e7f05f584711358
  • https://www.cve.org/CVERecord?id=CVE-2023-52568
  • 查看数 705
  • 已创建
  • 最后回复

参与讨论

你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。

游客
回帖…