2313142 – (CVE-2024-46794) CVE-2024-46794 kernel: x86/tdx: Fix data leak in mmio_read()

Bug 2313142 (CVE-2024-46794) - CVE-2024-46794 kernel: x86/tdx: Fix data leak in mmio_read()

Summary: CVE-2024-46794 kernel: x86/tdx: Fix data leak in mmio_read()

Keywords:
Status:	NEW
Alias:	CVE-2024-46794
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2313271
Blocks:
TreeView+	depends on / blocked

Reported:	2024-09-18 08:23 UTC by OSIDB Bzimport
Modified:	2024-09-18 12:35 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-09-18 08:23:21 UTC

In the Linux kernel, the following vulnerability has been resolved:

x86/tdx: Fix data leak in mmio_read()

The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an
address from the VMM.

Sean noticed that mmio_read() unintentionally exposes the value of an
initialized variable (val) on the stack to the VMM.

This variable is only needed as an output value. It did not need to be
passed to the VMM in the first place.

Do not send the original value of *val to the VMM.

[ dhansen: clarify what 'val' is used for. ]

Comment 1 Michal Findra 2024-09-18 12:22:55 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46794-9f64@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.