Bug 2333314 (CVE-2024-45818) - CVE-2024-45818 xen: Deadlock in x86 HVM standard VGA handling
Summary: CVE-2024-45818 xen: Deadlock in x86 HVM standard VGA handling
Keywords:
Status: NEW
Alias: CVE-2024-45818
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2333329 2333330
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-12-19 13:01 UTC by OSIDB Bzimport
Modified: 2024-12-19 14:51 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-12-19 13:01:06 UTC 
The hypervisor contains code to accelerate VGA memory accesses for HVM
guests, when the (virtual) VGA is in "standard" mode.  Locking involved
there has an unusual discipline, leaving a lock acquired past the
return from the function that acquired it.  This behavior results in a
problem when emulating an instruction with two memory accesses, both of
which touch VGA memory (plus some further constraints which aren't
relevant here).  When emulating the 2nd access, the lock that is already
being held would be attempted to be re-acquired, resulting in a
deadlock.

This deadlock was already found when the code was first introduced, but
was analysed incorrectly and the fix was incomplete.  Analysis in light
of the new finding cannot find a way to make the existing locking
discipline work.

In staging, this logic has all been removed because it was discovered
to be accidentally disabled since Xen 4.7.  Therefore, we are fixing the
locking problem by backporting the removal of most of the feature.  Note
that even with the feature disabled, the lock would still be acquired
for any accesses to the VGA MMIO region.
Note You need to log in before you can comment on or make changes to this bug.