Headline
CVE-2023-21264
In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
)]}’ { "commit": "b35a06182451f71cc0543cfe36a3f21fad6f6f02", "tree": "7fdf671a4088d9e11c465beddb0dc1419fff4165", "parents": [ “53625a846a7b4273982157d7a1db5947371757ef” ], "author": { "name": "Will Deacon", "email": "[email protected]", "time": “Wed Apr 26 15:38:32 2023 +0100” }, "committer": { "name": "Will Deacon", "email": "[email protected]", "time": “Fri Apr 28 14:31:57 2023 +0000” }, "message": "ANDROID: KVM: arm64: Move addr_is_allowed_memory() check into host callback\n\nSince host stage-2 mappings are created lazily, we cannot rely on the\npte in order to recover the target physical address when checking a\nhost-initiated memory transition.\n\nInstead, move the addr_is_allowed_memory() check into the host callback\nfunction where it is passed the physical address directly from the\nwalker.\n\nBug: 279739439\nSigned-off-by: Will Deacon \[email protected]\u003e\nChange-Id: I84bdc43eded79f1f5e5a489dbc0874604491e5c8\n", "tree_diff": [ { "type": "modify", "old_id": "d1bb4f8689acc1ed08fb633b06b92cd20992cbe2", "old_mode": 33188, "old_path": "arch/arm64/kvm/hyp/nvhe/mem_protect.c", "new_id": "402b22ffc59315c4a984aa00fd61c5d1ecd4723c", "new_mode": 33188, "new_path": “arch/arm64/kvm/hyp/nvhe/mem_protect.c” } ] }
Related news
Ubuntu Security Notice 6466-1 - Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service.
Ubuntu Security Notice 6383-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the ARM64 KVM implementation in the Linux kernel did not properly restrict hypervisor memory access. An attacker in a guest VM could use this to execute arbitrary code in the host OS.
Plus: Mozilla patches more than a dozen vulnerabilities in Firefox, and enterprise companies Ivanti, Cisco, and SAP roll out a slew of updates to get rid of some high-severity bugs.