CVE-2024-50193: x86/entry_32: Clear CPU buffers after register restore in NMI return
First published: Fri Nov 08 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: x86/entry_32: Clear CPU buffers after register restore in NMI return CPU buffers are currently cleared after call to exc_nmi, but before register state is restored. This may be okay for MDS mitigation but not for RDFS. Because RDFS mitigation requires CPU buffers to be cleared when registers don't have any sensitive data. Move CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <5.10.228 | |
| Linux Kernel | >=5.11<5.15.169 | |
| Linux Kernel | >=5.16<6.1.114 | |
| Linux Kernel | >=6.2<6.6.58 | |
| Linux Kernel | >=6.8<6.11.5 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
| debian/linux-6.1 | 6.1.119-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/6f44a5fc15b5cece0785bc07453db77d99b0a6de
- https://git.kernel.org/stable/c/b6400eb0b347821efc57760221f8fb6d63b9548a
- https://git.kernel.org/stable/c/43778de19d2ef129636815274644b9c16e78c66b
- https://git.kernel.org/stable/c/227358e89703c344008119be7e8ffa3fdb5b92de
- https://git.kernel.org/stable/c/64adf22c4bc73ede920baca5defefb70f190cdbc
- https://git.kernel.org/stable/c/48a2440d0f20c826b884e04377ccc1e4696c84e9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50193
- https://nvd.nist.gov/vuln/detail/CVE-2024-50193
- https://launchpad.net/bugs/cve/CVE-2024-50193
- https://security-tracker.debian.org/tracker/CVE-2024-50193
- https://ubuntu.com/security/CVE-2024-50193
- https://git.kernel.org/linus/48a2440d0f20c826b884e04377ccc1e4696c84e9
Frequently Asked Questions
What is the severity of CVE-2024-50193?
CVE-2024-50193 is classified as a medium-severity vulnerability affecting the Linux kernel.
How do I fix CVE-2024-50193?
To address CVE-2024-50193, you should update your Linux kernel to a patched version as recommended by your distribution.
Which versions of the Linux kernel are affected by CVE-2024-50193?
CVE-2024-50193 affects Linux kernel versions from 5.10.228 up to but not including 6.12-rc1.
Does CVE-2024-50193 affect x86 architecture?
Yes, CVE-2024-50193 specifically impacts the x86 architecture in the Linux kernel.
Is there a known exploit for CVE-2024-50193?
As of now, there are no publicly disclosed exploits specifically targeting CVE-2024-50193.
- agent/title
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.8
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- package-manager/debian