Re: CVE-2025-21818: x86/xen: fix xen_hypercall_hvm() to not clobber %rbx

From: Juergen Gross
Date: Fri Feb 28 2025 - 02:29:00 EST

Next message: Hannes Reinecke: "Re: [PATCH 06/11] nvmet-fcloop: track rport with ref counting"
Previous message: Hannes Reinecke: "Re: [PATCH 05/11] nvmet-fcloop: track tport with ref counting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 27.02.25 21:03, Greg Kroah-Hartman wrote:

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

x86/xen: fix xen_hypercall_hvm() to not clobber %rbx

xen_hypercall_hvm(), which is used when running as a Xen PVH guest at
most only once during early boot, is clobbering %rbx. Depending on
whether the caller relies on %rbx to be preserved across the call or
not, this clobbering might result in an early crash of the system.

This can be avoided by using an already saved register instead of %rbx.

The Linux kernel CVE team has assigned CVE-2025-21818 to this issue.

Please revoke this CVE.

There is no way an unprivileged user can trigger this issue at will.
The issue is guest local and will either happen very early at boot or
it won't happen at all.

So no security issue.

Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Next message: Hannes Reinecke: "Re: [PATCH 06/11] nvmet-fcloop: track rport with ref counting"
Previous message: Hannes Reinecke: "Re: [PATCH 05/11] nvmet-fcloop: track tport with ref counting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]