vulnerability
Ubuntu: (Multiple Advisories) (CVE-2024-47727): Linux kernel vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Oct 21, 2024 | Feb 20, 2025 | Apr 3, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Oct 21, 2024
Added
Feb 20, 2025
Modified
Apr 3, 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
x86/tdx: Fix "in-kernel MMIO" check
TDX only supports kernel-initiated MMIO operations. The handle_mmio()
function checks if the #VE exception occurred in the kernel and rejects
the operation if it did not.
However, userspace can deceive the kernel into performing MMIO on its
behalf. For example, if userspace can point a syscall to an MMIO address,
syscall does get_user() or put_user() on it, triggering MMIO #VE. The
kernel will treat the #VE as in-kernel MMIO.
Ensure that the target MMIO address is within the kernel before decoding
instruction.
Solution(s)
ubuntu-upgrade-linux-image-6-11-0-1005-realtimeubuntu-upgrade-linux-image-6-11-0-1008-raspiubuntu-upgrade-linux-image-6-11-0-1009-awsubuntu-upgrade-linux-image-6-11-0-1009-azureubuntu-upgrade-linux-image-6-11-0-1009-azure-fdeubuntu-upgrade-linux-image-6-11-0-1009-gcpubuntu-upgrade-linux-image-6-11-0-1010-lowlatencyubuntu-upgrade-linux-image-6-11-0-1010-lowlatency-64kubuntu-upgrade-linux-image-6-11-0-1011-oracleubuntu-upgrade-linux-image-6-11-0-1011-oracle-64kubuntu-upgrade-linux-image-6-11-0-1015-oemubuntu-upgrade-linux-image-6-11-0-18-genericubuntu-upgrade-linux-image-6-11-0-18-generic-64kubuntu-upgrade-linux-image-6-8-0-1006-gkeopubuntu-upgrade-linux-image-6-8-0-1019-gkeubuntu-upgrade-linux-image-6-8-0-1019-raspiubuntu-upgrade-linux-image-6-8-0-1020-oracleubuntu-upgrade-linux-image-6-8-0-1020-oracle-64kubuntu-upgrade-linux-image-6-8-0-1022-ibmubuntu-upgrade-linux-image-6-8-0-1022-nvidiaubuntu-upgrade-linux-image-6-8-0-1022-nvidia-64kubuntu-upgrade-linux-image-6-8-0-1022-nvidia-lowlatencyubuntu-upgrade-linux-image-6-8-0-1022-nvidia-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1023-awsubuntu-upgrade-linux-image-6-8-0-1024-gcpubuntu-upgrade-linux-image-6-8-0-1024-gcp-64kubuntu-upgrade-linux-image-6-8-0-1024-oemubuntu-upgrade-linux-image-6-8-0-1025-azureubuntu-upgrade-linux-image-6-8-0-1025-azure-fdeubuntu-upgrade-linux-image-6-8-0-54-genericubuntu-upgrade-linux-image-6-8-0-54-generic-64kubuntu-upgrade-linux-image-6-8-0-54-lowlatencyubuntu-upgrade-linux-image-6-8-0-54-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-57-genericubuntu-upgrade-linux-image-6-8-0-57-generic-64kubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-lts-24-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-azure-fde-lts-24-04ubuntu-upgrade-linux-image-azure-lts-24-04ubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-64kubuntu-upgrade-linux-image-gcp-64k-lts-24-04ubuntu-upgrade-linux-image-gcp-lts-24-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-6-8ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-6-8ubuntu-upgrade-linux-image-nvidia-64kubuntu-upgrade-linux-image-nvidia-64k-6-8ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04ubuntu-upgrade-linux-image-nvidia-hwe-22-04ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-64kubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oem-24-04bubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-64k-lts-24-04ubuntu-upgrade-linux-image-oracle-lts-24-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-realtimeubuntu-upgrade-linux-image-realtime-hwe-24-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-22-04ubuntu-upgrade-linux-image-virtual-hwe-24-04
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.