Re: CVE-2024-47722: xen: use correct end address of kernel for conflict checking

From: Greg Kroah-Hartman
Date: Mon Oct 21 2024 - 08:58:26 EST


On Mon, Oct 21, 2024 at 02:35:16PM +0200, Juergen Gross wrote:
> On 21.10.24 14:16, Greg Kroah-Hartman wrote:
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > xen: use correct end address of kernel for conflict checking
> >
> > When running as a Xen PV dom0 the kernel is loaded by the hypervisor
> > using a different memory map than that of the host. In order to
> > minimize the required changes in the kernel, the kernel adapts its
> > memory map to that of the host. In order to do that it is checking
> > for conflicts of its load address with the host memory map.
> >
> > Unfortunately the tested memory range does not include the .brk
> > area, which might result in crashes or memory corruption when this
> > area does conflict with the memory map of the host.
> >
> > Fix the test by using the _end label instead of __bss_stop.
> >
> > The Linux kernel CVE team has assigned CVE-2024-47722 to this issue.
>
> I fail to see how an unprivileged user could cause any harm here.
>
> This bug is affecting the guest only, so only the guest admin can cause
> harm to the guest at will via a special kernel. IMHO nothing CVE-worthy
> here.

Ah, I thought this could affect the host, sorry about that.

> So I'd like to ask for this CVE being revoked.

Now revoked!

thanks for the review.

greg k-h