Re: CVE-2024-35876: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()

From: Vegard Nossum
Date: Thu May 23 2024 - 10:54:55 EST



On 23/05/2024 15:58, Nikolay Borisov wrote:
> On 23.05.24 at 16:54, Vegard Nossum wrote:
>> On 23/05/2024 12:24, Nikolay Borisov wrote:
>>> I'd like to dispute the CVE for this issue. Those sysfs entries are owned by root and can only be written by it. There are innumerable ways in which root can corrupt/crash the state of the machine and I don't see why this is anything special.
>>
>> I haven't looked at the issue in detail but it sounds like this
>> potentially breaks lockdown (which is arguably a security feature) so
>
> How exactly does it break lockdown?

Well, I don't have an exploit and it looks difficult as there isn't any
user-provided input involved.

But generally lockdown prevents anybody (including root) from inspecting
and modifying the running kernel. So if this bug would allow that, then
it breaks lockdown.

Glancing over the code it doesn't look like a use-after-free, just some
unspecified concurrent access. I can't tell if it's exploitable. I'm
just remarking that "requires root access" is not by itself a reason to
reject the CVE.


Vegard