SUSE: CVE-2024-26695: SUSE Linux Security Advisory

SUSE: CVE-2024-26695: SUSE Linux Security Advisory

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

04/03/2024

Created

04/18/2024

Added

04/18/2024

Modified

01/28/2025

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked The SEV platform device can be shutdown with a null psp_master, e.g., using DEBUG_TEST_DRIVER_REMOVE.Found using KASAN: [137.148210] ccp 0000:23:00.1: enabling device (0000 -> 0002) [137.162647] ccp 0000:23:00.1: no command queues available [137.170598] ccp 0000:23:00.1: sev enabled [137.174645] ccp 0000:23:00.1: psp enabled [137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI [137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7] [137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311 [137.182693] RIP: 0010:__sev_platform_shutdown_locked+0x51/0x180 [137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c [137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216 [137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e [137.182693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0 [137.182693] RBP: ffffc900000cf9c8 R08: 0000000000000000 R09: fffffbfff58f5a66 [137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12: ffff8881e5052c28 [137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8 [137.182693] FS:0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000 [137.182693] CS:0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000 CR4: 0000000000350ef0 [137.182693] Call Trace: [137.182693]<TASK> [137.182693]? show_regs+0x6c/0x80 [137.182693]? __die_body+0x24/0x70 [137.182693]? die_addr+0x4b/0x80 [137.182693]? exc_general_protection+0x126/0x230 [137.182693]? asm_exc_general_protection+0x2b/0x30 [137.182693]? __sev_platform_shutdown_locked+0x51/0x180 [137.182693]sev_firmware_shutdown.isra.0+0x1e/0x80 [137.182693]sev_dev_destroy+0x49/0x100 [137.182693]psp_dev_destroy+0x47/0xb0 [137.182693]sp_destroy+0xbb/0x240 [137.182693]sp_pci_remove+0x45/0x60 [137.182693]pci_device_remove+0xaa/0x1d0 [137.182693]device_remove+0xc7/0x170 [137.182693]really_probe+0x374/0xbe0 [137.182693]? srso_return_thunk+0x5/0x5f [137.182693]__driver_probe_device+0x199/0x460 [137.182693]driver_probe_device+0x4e/0xd0 [137.182693]__driver_attach+0x191/0x3d0 [137.182693]? __pfx___driver_attach+0x10/0x10 [137.182693]bus_for_each_dev+0x100/0x190 [137.182693]? __pfx_bus_for_each_dev+0x10/0x10 [137.182693]? __kasan_check_read+0x15/0x20 [137.182693]? srso_return_thunk+0x5/0x5f [137.182693]? _raw_spin_unlock+0x27/0x50 [137.182693]driver_attach+0x41/0x60 [137.182693]bus_add_driver+0x2a8/0x580 [137.182693]driver_register+0x141/0x480 [137.182693]__pci_register_driver+0x1d6/0x2a0 [137.182693]? srso_return_thunk+0x5/0x5f [137.182693]? esrt_sysfs_init+0x1cd/0x5d0 [137.182693]? __pfx_sp_mod_init+0x10/0x10 [137.182693]sp_pci_init+0x22/0x30 [137.182693]sp_mod_init+0x14/0x30 [137.182693]? __pfx_sp_mod_init+0x10/0x10 [137.182693]do_one_initcall+0xd1/0x470 [137.182693]? __pfx_do_one_initcall+0x10/0x10 [137.182693]? parameq+0x80/0xf0 [137.182693]? srso_return_thunk+0x5/0x5f [137.182693]? __kmalloc+0x3b0/0x4e0 [137.182693]? kernel_init_freeable+0x92d/0x1050 [137.182693]? kasan_populate_vmalloc_pte+0x171/0x190 [137.182693]? srso_return_thunk+0x5/0x5f [137.182693]kernel_init_freeable+0xa64/0x1050 [137.182693]? __pfx_kernel_init+0x10/0x10 [137.182693]kernel_init+0x24/0x160 [137.182693]? __switch_to_asm+0x3e/0x70 [137.182693]ret_from_fork+0x40/0x80 [137.182693]? __pfx_kernel_init+0x1 ---truncated---

Solution(s)

• suse-upgrade-cluster-md-kmp-64kb
• suse-upgrade-cluster-md-kmp-azure
• suse-upgrade-cluster-md-kmp-default
• suse-upgrade-cluster-md-kmp-rt
• suse-upgrade-dlm-kmp-64kb
• suse-upgrade-dlm-kmp-azure
• suse-upgrade-dlm-kmp-default
• suse-upgrade-dlm-kmp-rt
• suse-upgrade-dtb-allwinner
• suse-upgrade-dtb-altera
• suse-upgrade-dtb-amazon
• suse-upgrade-dtb-amd
• suse-upgrade-dtb-amlogic
• suse-upgrade-dtb-apm
• suse-upgrade-dtb-apple
• suse-upgrade-dtb-arm
• suse-upgrade-dtb-broadcom
• suse-upgrade-dtb-cavium
• suse-upgrade-dtb-exynos
• suse-upgrade-dtb-freescale
• suse-upgrade-dtb-hisilicon
• suse-upgrade-dtb-lg
• suse-upgrade-dtb-marvell
• suse-upgrade-dtb-mediatek
• suse-upgrade-dtb-nvidia
• suse-upgrade-dtb-qcom
• suse-upgrade-dtb-renesas
• suse-upgrade-dtb-rockchip
• suse-upgrade-dtb-socionext
• suse-upgrade-dtb-sprd
• suse-upgrade-dtb-xilinx
• suse-upgrade-gfs2-kmp-64kb
• suse-upgrade-gfs2-kmp-azure
• suse-upgrade-gfs2-kmp-default
• suse-upgrade-gfs2-kmp-rt
• suse-upgrade-kernel-64kb
• suse-upgrade-kernel-64kb-devel
• suse-upgrade-kernel-64kb-extra
• suse-upgrade-kernel-64kb-livepatch-devel
• suse-upgrade-kernel-64kb-optional
• suse-upgrade-kernel-azure
• suse-upgrade-kernel-azure-devel
• suse-upgrade-kernel-azure-extra
• suse-upgrade-kernel-azure-livepatch-devel
• suse-upgrade-kernel-azure-optional
• suse-upgrade-kernel-azure-vdso
• suse-upgrade-kernel-debug
• suse-upgrade-kernel-debug-devel
• suse-upgrade-kernel-debug-livepatch-devel
• suse-upgrade-kernel-debug-vdso
• suse-upgrade-kernel-default
• suse-upgrade-kernel-default-base
• suse-upgrade-kernel-default-base-rebuild
• suse-upgrade-kernel-default-devel
• suse-upgrade-kernel-default-extra
• suse-upgrade-kernel-default-livepatch
• suse-upgrade-kernel-default-livepatch-devel
• suse-upgrade-kernel-default-optional
• suse-upgrade-kernel-default-vdso
• suse-upgrade-kernel-devel
• suse-upgrade-kernel-devel-azure
• suse-upgrade-kernel-devel-rt
• suse-upgrade-kernel-docs
• suse-upgrade-kernel-docs-html
• suse-upgrade-kernel-kvmsmall
• suse-upgrade-kernel-kvmsmall-devel
• suse-upgrade-kernel-kvmsmall-livepatch-devel
• suse-upgrade-kernel-kvmsmall-vdso
• suse-upgrade-kernel-macros
• suse-upgrade-kernel-obs-build
• suse-upgrade-kernel-obs-qa
• suse-upgrade-kernel-rt
• suse-upgrade-kernel-rt-devel
• suse-upgrade-kernel-rt-extra
• suse-upgrade-kernel-rt-livepatch
• suse-upgrade-kernel-rt-livepatch-devel
• suse-upgrade-kernel-rt-optional
• suse-upgrade-kernel-rt-vdso
• suse-upgrade-kernel-rt_debug
• suse-upgrade-kernel-rt_debug-devel
• suse-upgrade-kernel-rt_debug-livepatch-devel
• suse-upgrade-kernel-rt_debug-vdso
• suse-upgrade-kernel-source
• suse-upgrade-kernel-source-azure
• suse-upgrade-kernel-source-rt
• suse-upgrade-kernel-source-vanilla
• suse-upgrade-kernel-syms
• suse-upgrade-kernel-syms-azure
• suse-upgrade-kernel-syms-rt
• suse-upgrade-kernel-zfcpdump
• suse-upgrade-kselftests-kmp-64kb
• suse-upgrade-kselftests-kmp-azure
• suse-upgrade-kselftests-kmp-default
• suse-upgrade-kselftests-kmp-rt
• suse-upgrade-ocfs2-kmp-64kb
• suse-upgrade-ocfs2-kmp-azure
• suse-upgrade-ocfs2-kmp-default
• suse-upgrade-ocfs2-kmp-rt
• suse-upgrade-reiserfs-kmp-64kb
• suse-upgrade-reiserfs-kmp-azure
• suse-upgrade-reiserfs-kmp-default
• suse-upgrade-reiserfs-kmp-rt

References

• https://attackerkb.com/topics/cve-2024-26695
• CVE - 2024-26695