First published: Fri Feb 23 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgic_its_check_cache() does not elevate the refcount on the vgic_irq before dropping the lock that serializes refcount changes. Have vgic_its_check_cache() raise the refcount on the returned vgic_irq and add the corresponding decrement after queueing the interrupt.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | >=5.4<5.4.269 | |
Linux Linux kernel | >=5.5<5.10.209 | |
Linux Linux kernel | >=5.11<5.15.148 | |
Linux Linux kernel | >=5.16<6.1.75 | |
Linux Linux kernel | >=6.2<6.6.14 | |
Linux Linux kernel | >=6.7<6.7.2 | |
Debian Debian Linux | =10.0 | |
redhat/kernel | <6.8 | 6.8 |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 | |
>=5.4<5.4.269 | ||
>=5.5<5.10.209 | ||
>=5.11<5.15.148 | ||
>=5.16<6.1.75 | ||
>=6.2<6.6.14 | ||
>=6.7<6.7.2 | ||
=10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.