vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-50072): Linux kernel vulnerabilities

Try Surface Command
Back to search
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
Oct 29, 2024
Added
Feb 20, 2025
Modified
May 27, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/bugs: Use code segment selector for VERW operand

Robert Gill reported below #GP in 32-bit mode when dosemu software was
executing vm86() system call:

general protection fault: 0000 [#1] PREEMPT SMP
CPU: 4 PID: 4610 Comm: dosemu.bin Not tainted 6.6.21-gentoo-x86 #1
Hardware name: Dell Inc. PowerEdge 1950/0H723K, BIOS 2.7.0 10/30/2010
EIP: restore_all_switch_stack+0xbe/0xcf
EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: ff8affdc
DS: 0000 ES: 0000 FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010046
CR0: 80050033 CR2: 00c2101c CR3: 04b6d000 CR4: 000406d0
Call Trace:
show_regs+0x70/0x78
die_addr+0x29/0x70
exc_general_protection+0x13c/0x348
exc_bounds+0x98/0x98
handle_exception+0x14d/0x14d
exc_bounds+0x98/0x98
restore_all_switch_stack+0xbe/0xcf
exc_bounds+0x98/0x98
restore_all_switch_stack+0xbe/0xcf

This only happens in 32-bit mode when VERW based mitigations like MDS/RFDS
are enabled. This is because segment registers with an arbitrary user value
can result in #GP when executing VERW. Intel SDM vol. 2C documents the
following behavior for VERW instruction:

#GP(0) - If a memory operand effective address is outside the CS, DS, ES,
FS, or GS segment limit.

CLEAR_CPU_BUFFERS macro executes VERW instruction before returning to user
space. Use %cs selector to reference VERW operand. This ensures VERW will
not #GP for an arbitrary user %ds.

[ mingo: Fixed the SOB chain. ]

Solutions

ubuntu-upgrade-linux-image-5-15-0-1021-nvidia-tegra-igxubuntu-upgrade-linux-image-5-15-0-1021-nvidia-tegra-igx-rtubuntu-upgrade-linux-image-5-15-0-1033-nvidia-tegraubuntu-upgrade-linux-image-5-15-0-1033-nvidia-tegra-rtubuntu-upgrade-linux-image-5-15-0-1044-xilinx-zynqmpubuntu-upgrade-linux-image-5-15-0-1060-gkeopubuntu-upgrade-linux-image-5-15-0-1070-ibmubuntu-upgrade-linux-image-5-15-0-1072-nvidiaubuntu-upgrade-linux-image-5-15-0-1072-nvidia-lowlatencyubuntu-upgrade-linux-image-5-15-0-1072-raspiubuntu-upgrade-linux-image-5-15-0-1073-intel-iotgubuntu-upgrade-linux-image-5-15-0-1074-ibmubuntu-upgrade-linux-image-5-15-0-1075-gkeubuntu-upgrade-linux-image-5-15-0-1075-oracleubuntu-upgrade-linux-image-5-15-0-1076-kvmubuntu-upgrade-linux-image-5-15-0-1077-gcpubuntu-upgrade-linux-image-5-15-0-1078-awsubuntu-upgrade-linux-image-5-15-0-1080-awsubuntu-upgrade-linux-image-5-15-0-1081-azureubuntu-upgrade-linux-image-5-15-0-1081-azure-fdeubuntu-upgrade-linux-image-5-15-0-133-genericubuntu-upgrade-linux-image-5-15-0-133-generic-64kubuntu-upgrade-linux-image-5-15-0-133-generic-lpaeubuntu-upgrade-linux-image-5-15-0-133-lowlatencyubuntu-upgrade-linux-image-5-15-0-133-lowlatency-64kubuntu-upgrade-linux-image-5-15-0-134-genericubuntu-upgrade-linux-image-5-15-0-134-generic-64kubuntu-upgrade-linux-image-5-15-0-134-generic-lpaeubuntu-upgrade-linux-image-6-11-0-1005-realtimeubuntu-upgrade-linux-image-6-11-0-1008-raspiubuntu-upgrade-linux-image-6-11-0-1009-awsubuntu-upgrade-linux-image-6-11-0-1009-azureubuntu-upgrade-linux-image-6-11-0-1009-azure-fdeubuntu-upgrade-linux-image-6-11-0-1009-gcpubuntu-upgrade-linux-image-6-11-0-1010-lowlatencyubuntu-upgrade-linux-image-6-11-0-1010-lowlatency-64kubuntu-upgrade-linux-image-6-11-0-1011-oracleubuntu-upgrade-linux-image-6-11-0-1011-oracle-64kubuntu-upgrade-linux-image-6-11-0-1015-oemubuntu-upgrade-linux-image-6-11-0-18-genericubuntu-upgrade-linux-image-6-11-0-18-generic-64kubuntu-upgrade-linux-image-6-8-0-1008-gkeopubuntu-upgrade-linux-image-6-8-0-1014-azure-nvidiaubuntu-upgrade-linux-image-6-8-0-1021-gkeubuntu-upgrade-linux-image-6-8-0-1022-ibmubuntu-upgrade-linux-image-6-8-0-1022-oracleubuntu-upgrade-linux-image-6-8-0-1022-oracle-64kubuntu-upgrade-linux-image-6-8-0-1024-nvidiaubuntu-upgrade-linux-image-6-8-0-1024-nvidia-64kubuntu-upgrade-linux-image-6-8-0-1024-nvidia-lowlatencyubuntu-upgrade-linux-image-6-8-0-1024-nvidia-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1024-oemubuntu-upgrade-linux-image-6-8-0-1025-awsubuntu-upgrade-linux-image-6-8-0-1025-azureubuntu-upgrade-linux-image-6-8-0-1025-azure-fdeubuntu-upgrade-linux-image-6-8-0-1026-gcpubuntu-upgrade-linux-image-6-8-0-1026-gcp-64kubuntu-upgrade-linux-image-6-8-0-1027-awsubuntu-upgrade-linux-image-6-8-0-1028-raspiubuntu-upgrade-linux-image-6-8-0-2023-raspi-realtimeubuntu-upgrade-linux-image-6-8-0-56-genericubuntu-upgrade-linux-image-6-8-0-56-generic-64kubuntu-upgrade-linux-image-6-8-0-56-lowlatencyubuntu-upgrade-linux-image-6-8-0-56-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-57-genericubuntu-upgrade-linux-image-6-8-0-57-generic-64kubuntu-upgrade-linux-image-6-8-1-1018-realtimeubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-lts-22-04ubuntu-upgrade-linux-image-aws-lts-24-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-cvmubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-azure-fde-lts-22-04ubuntu-upgrade-linux-image-azure-fde-lts-24-04ubuntu-upgrade-linux-image-azure-lts-22-04ubuntu-upgrade-linux-image-azure-lts-24-04ubuntu-upgrade-linux-image-azure-nvidiaubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-64kubuntu-upgrade-linux-image-gcp-64k-lts-24-04ubuntu-upgrade-linux-image-gcp-lts-22-04ubuntu-upgrade-linux-image-gcp-lts-24-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-20-04ubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-20-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-hwe-20-04ubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gke-5-15ubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-5-15ubuntu-upgrade-linux-image-gkeop-6-8ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-intelubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-6-8ubuntu-upgrade-linux-image-nvidia-64kubuntu-upgrade-linux-image-nvidia-64k-6-8ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04ubuntu-upgrade-linux-image-nvidia-hwe-22-04ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-64kubuntu-upgrade-linux-image-nvidia-tegraubuntu-upgrade-linux-image-nvidia-tegra-igxubuntu-upgrade-linux-image-nvidia-tegra-igx-rtubuntu-upgrade-linux-image-nvidia-tegra-rtubuntu-upgrade-linux-image-oem-20-04ubuntu-upgrade-linux-image-oem-20-04bubuntu-upgrade-linux-image-oem-20-04cubuntu-upgrade-linux-image-oem-20-04dubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oem-24-04bubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-64k-lts-24-04ubuntu-upgrade-linux-image-oracle-lts-22-04ubuntu-upgrade-linux-image-oracle-lts-24-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-raspi-realtimeubuntu-upgrade-linux-image-realtimeubuntu-upgrade-linux-image-realtime-hwe-24-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-20-04ubuntu-upgrade-linux-image-virtual-hwe-22-04ubuntu-upgrade-linux-image-virtual-hwe-24-04ubuntu-upgrade-linux-image-xilinx-zynqmp

References

    Title
    NEW

    Explore Exposure Command

    Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

    Try it today