Bug 2268118 (CVE-2024-2201)

Summary: CVE-2024-2201 hw: cpu: intel: Native Branch History Injection (BHI)
Product: [Other] Security Response Reporter: Rohit Keshri <rkeshri>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, allarkin, aquini, aubaker, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, gcovolo, hkrzesin, jarod, jburrell, jdenham, jfaracco, jforbes, jlelli, joe.lawrence, jpoimboe, jshortt, jstancek, jwyatt, kcarcia, kgrant, ldoskova, lgoncalv, llong, longman, lzampier, mleitner, mmilgram, mstowell, nmurray, pdwyer, ptalbert, rogbas, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, security-response-team, sidakwo, sukulkar, tglozar, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in some Intel CPUs where mitigations for the Spectre V2/BHI vulnerability were incomplete. This issue may allow an attacker to read arbitrary memory, compromising system integrity and exposing sensitive information.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2012088, 2250381    

Description Rohit Keshri 2024-03-06 10:46:30 UTC 
A native Spectre-v2 exploit against the Linux kernel on last-generation Intel CPUs, based on the recent BHI variant and able to leak arbitrary kernel memory at 3.5 kB/sec. In this flaw a number of gadgets and exploitation techniques to bypass the recent FineIBT mitigation, along with a case study on a 13th Gen Intel CPU that can leak kernel memory at 18 bytes/sec.

Reference:
https://www.openwall.com/lists/oss-security/2024/04/09/15
https://www.vusec.net/projects/native-bhi/
https://download.vusec.net/papers/inspectre_sec24.pdf
Comment 10 Alex 2024-07-24 19:30:22 UTC 
*** Bug 2250691 has been marked as a duplicate of this bug. ***
Comment 11 errata-xmlrpc 2024-08-08 04:40:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
Comment 12 errata-xmlrpc 2024-08-08 04:52:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
Comment 13 errata-xmlrpc 2024-09-24 00:35:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:6995 https://access.redhat.com/errata/RHSA-2024:6995
Comment 14 errata-xmlrpc 2024-09-24 01:20:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:6994 https://access.redhat.com/errata/RHSA-2024:6994
Comment 15 errata-xmlrpc 2024-10-30 00:12:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:8614 https://access.redhat.com/errata/RHSA-2024:8614
Comment 16 errata-xmlrpc 2024-10-30 00:31:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:8613 https://access.redhat.com/errata/RHSA-2024:8613
Comment 17 errata-xmlrpc 2024-10-30 01:26:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:8617 https://access.redhat.com/errata/RHSA-2024:8617