Received: by 2002:ab2:710b:0:b0:1ef:a325:1205 with SMTP id z11csp414615lql; Mon, 11 Mar 2024 06:42:14 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWb/oUatF7b1FjcTzr0RgFDH2FttbIHxrPYjuZtwKjQZ76XyZ5nbFs/Wc5C5jVPOblSDVpYy5lmxWNAbxAIZRYjXsslHxl/rpIfPaP2aQ== X-Google-Smtp-Source: AGHT+IFcJDiCtml7k4cIUXwIRoeF6c6K2ID1/VBqZ55mUH4OmSYEuxnB2XL8q0U8xl6rG6xqwz/g X-Received: by 2002:a9d:74c4:0:b0:6e4:dbe9:50a0 with SMTP id a4-20020a9d74c4000000b006e4dbe950a0mr4956398otl.37.1710164533857; Mon, 11 Mar 2024 06:42:13 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710164533; cv=pass; d=google.com; s=arc-20160816; b=md3XGwitspl9NvYC28YLS9tM9O2ntT7JKgvJVx9jIJ1L4+EWozz31P+VkYzZPk5uC4 GQM0VphbFc7YqefZFA2SkcvdKH0PxPb4gI5XSfUc9LyQG/LJDn63c4Ylh+Fme0jYB+3Z e0nFeK00HGf0jmBhWfw+3JrrbavHL5tFaYxfA/AaVSWZYbvvbLd8dq6m0Ubo0cQJmPCg 9SEHdLJmG/m/pNQwfMMVfxlAHtbs9czTWfRHIbqmUc3BUaPy9MyaxQcYfH+DS+cKxWdr uZlCCx5BuYfOzdbMcnSCeVjUCF6bgZxp5RlXaeFhy/WUBTmZqkmuteOZSr3OWSa+aKHc bQJQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=gfJSaX1fQHiVoLHBkp6+Fx7cMzFYleJ4w3fL/OZZIg0=; fh=Ex5ipZCIjNrg5VZ6/cM9MNM0UeZURY0+rhoidfRbm8c=; b=GYVMdrUTy8HaTUldPS5KOZjzGnNTh0aRCFEQCH9a5mNb2MLlu6rL12ZajM3Cub3fek YCAfw9fH6IPFoxs9HXRbzch2qWNIvO4/65nfza8Gm+DaDkW3ysUFhBK20xTdRdhVagoc QpX7qgI9bEY+dNx86cXXTKkHYU9OFeo5nA0/hvlMtBiTyiaUOrA5zE5MbowgwfrW6ojH Cs81CcHLrHemVvSJvlm4AW1P0UfrLqBxvbIz6v8KeLa9WbceeI3qJHz3rsmc0jyor5YZ Gc9Wx6aBSDnwPWwwad8hpCSalXH6qV7G8vG5ceFKPi8AcH0WGjzhAwChVs4Xh5wHnrVa bXvQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rDK09Sbx; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-98894-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-98894-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id m186-20020a6326c3000000b005b95ee3edc6si4960257pgm.628.2024.03.11.06.42.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Mar 2024 06:42:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-98894-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rDK09Sbx; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-98894-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-98894-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id B38A0283CCF for ; Mon, 11 Mar 2024 13:42:12 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4BD103D551; Mon, 11 Mar 2024 13:42:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rDK09Sbx" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 772D43FB21 for ; Mon, 11 Mar 2024 13:42:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710164527; cv=none; b=faflU63AbSV4xbaSHhWVML4lKYwCChr/JhyCwM6LI2FBKvlZkVAPXqVNDEsnN6Zyz7dStfvTe8i6ZeFN9rZVK+9tejO36lqrinS88mcqQhQ6vCqmDILyM4nSZL2YqT6ohe7KDZGRK3aPYSdiBq6E7YIzI8dWy2O1EIx89BnIEWk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710164527; c=relaxed/simple; bh=GBZJtwDWuIO+GSAmxpBqcvQHRzPIx+s/dcBLIqAv15w=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=f/ebTdhmEhhKxVDJZohiTmTlmDpyxiOidY28sxF0PyuIl1iVVehJGnvGOnirJ3zWPDDP4Bi6FM+FYAttSikoXQWfuh8aF2X4EDQkw2Ky0LL0rcvdiH7Q1v+pdKdCaw1sRBW74T5kvDdhb8kDLhPG4UzYlug0dW8Kgn2HAfn4qlI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rDK09Sbx; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id B2530C433C7; Mon, 11 Mar 2024 13:42:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1710164527; bh=GBZJtwDWuIO+GSAmxpBqcvQHRzPIx+s/dcBLIqAv15w=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=rDK09SbxurXhUorcOf6awSEAQvnvNLlxJLmf9KRq/b2egdLPROcJkjVRaDN4kyvsT oXn23UW1E2sJK0JEkx4NL/2CXElPinlkkjpd7eoCpiJPamEEYyLEUv9ggR/0f3KaXI QPAFx1hqABrcy7dUMY4ax6zJxaBGkvBH9QP9nbUPGJDsgN7KSQi7r6PFom4o8zfNzL NpD2zYXAg8sF3N7nBrk4jXcv0zJam+Sywn/HMjytc+95TTva/Z3mOm6c5ZZQeBnjoi K7FWsMaC/PiUP9k0LNtINsI+zqTIty2LNI5oLUiUAvMtEWZcRxt19jTI6GVTjZQjVF Dm60qwKkpuHbw== Date: Mon, 11 Mar 2024 13:42:02 +0000 From: Lee Jones To: Michal Hocko Cc: cve@kernel.org, linux-kernel@vger.kernel.org, Greg Kroah-Hartman , Juergen Gross , Sean Christopherson , Andrew Cooper Subject: Re: CVE-2023-52514: x86/reboot: VMCLEAR active VMCSes before emergency reboot Message-ID: <20240311134202.GQ86322@google.com> References: <2024030251-CVE-2023-52514-c93d@gregkh> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Mon, 11 Mar 2024, Michal Hocko wrote: > On Sat 02-03-24 22:52:59, Greg KH wrote: > > Description > > =========== > > > > In the Linux kernel, the following vulnerability has been resolved: > > > > x86/reboot: VMCLEAR active VMCSes before emergency reboot > > > > VMCLEAR active VMCSes before any emergency reboot, not just if the kernel > > may kexec into a new kernel after a crash. Per Intel's SDM, the VMX > > architecture doesn't require the CPU to flush the VMCS cache on INIT. If > > an emergency reboot doesn't RESET CPUs, cached VMCSes could theoretically > > be kept and only be written back to memory after the new kernel is booted, > > i.e. could effectively corrupt memory after reboot. > > > > Opportunistically remove the setting of the global pointer to NULL to make > > checkpatch happy. > > > > The Linux kernel CVE team has assigned CVE-2023-52514 to this issue. > > I do not really see the security aspect of this fix. Guests systems > shouldn't be able to trigger host reboot nor any untrusted entity should > on the host either or this would be a serious security hole. > > Or am I missing something? Thanks for reporting. If Sean and/or Paolo agree, we can revoke the CVE for you. -- Lee Jones [李琼斯]