CVE-2024-56761: x86/fred: Clear WFE in missing-ENDBRANCH #CPs
First published: Mon Jan 06 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across the instruction boundary. When the decoder finds an inappropriate instruction while WFE is set ENDBR, the CPU raises a #CP fault. For the "kernel IBT no ENDBR" selftest where #CPs are deliberately triggered, the WFE state of the interrupted context needs to be cleared to let execution continue. Otherwise when the CPU resumes from the instruction that just caused the previous #CP, another missing-ENDBRANCH #CP is raised and the CPU enters a dead loop. This is not a problem with IDT because it doesn't preserve WFE and IRET doesn't set WFE. But FRED provides space on the entry stack (in an expanded CS area) to save and restore the WFE state, thus the WFE state is no longer clobbered, so software must clear it. Clear WFE to avoid dead looping in ibt_clear_fred_wfe() and the !ibt_fatal code path when execution is allowed to continue. Clobbering WFE in any other circumstance is a security-relevant bug. [ dhansen: changelog rewording ]
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.6<6.12.8 | |
| Linux Kernel | =6.13-rc1 | |
| Linux Kernel | =6.13-rc2 | |
| Linux Kernel | =6.13-rc3 | |
| Linux Kernel | =6.13-rc4 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.135-1 6.12.22-1 6.12.25-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/151447859d6fb0dcce8259f0971c6e94fb801661
- https://git.kernel.org/stable/c/b939f108e86b76119428a6fa4e92491e09ac7867
- https://git.kernel.org/stable/c/dc81e556f2a017d681251ace21bf06c126d5a192
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56761
- https://nvd.nist.gov/vuln/detail/CVE-2024-56761
- https://launchpad.net/bugs/cve/CVE-2024-56761
- https://security-tracker.debian.org/tracker/CVE-2024-56761
- https://ubuntu.com/security/CVE-2024-56761
- https://git.kernel.org/linus/dc81e556f2a017d681251ace21bf06c126d5a192
Frequently Asked Questions
What is the severity of CVE-2024-56761?
CVE-2024-56761 has not been publicly assigned a CVSS score, but it is related to a critical functionality in the Linux kernel.
How do I fix CVE-2024-56761?
To fix CVE-2024-56761, you should upgrade to a patched version of the Linux kernel that addresses this vulnerability.
Which versions of the Linux kernel are affected by CVE-2024-56761?
CVE-2024-56761 affects Linux kernel versions between 6.6 and 6.12.8, as well as versions 6.13-rc1 to 6.13-rc4.
What type of vulnerability is CVE-2024-56761?
CVE-2024-56761 is an indirect branch tracking vulnerability that impacts the x86 architecture in the Linux kernel.
Is there a workaround for CVE-2024-56761?
Currently, the recommended approach for CVE-2024-56761 is to apply the latest patches rather than relying on workarounds.
- agent/title
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.6
- version/linux kernel/6.13-rc1
- version/linux kernel/6.13-rc2
- version/linux kernel/6.13-rc3
- version/linux kernel/6.13-rc4
- package-manager/debian