{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-45005",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-08-21T05:34:56.679Z",
        "datePublished": "2024-09-04T19:54:47.694Z",
        "dateUpdated": "2024-09-15T17:56:51.502Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-09-15T17:56:51.502Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter \"kvm.use_gisa=0\" or by setting the related sysfs\nattribute to N (echo N >/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block's\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n           000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n          #000003d93deb011e: af000000\t\tmc\t0,0\n          >000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n           000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n           000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n           000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n           000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]\n [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70\n [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0\n [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0\n [<000003d9be0f9a90>] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0"
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "arch/s390/kvm/kvm-s390.h"
                    ],
                    "versions": [
                        {
                            "version": "fe0ef0030463",
                            "lessThan": "051c0a558154",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "fe0ef0030463",
                            "lessThan": "027ac3c50925",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "fe0ef0030463",
                            "lessThan": "5a44bb061d04",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "arch/s390/kvm/kvm-s390.h"
                    ],
                    "versions": [
                        {
                            "version": "6.2",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "6.2",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.6.48",
                            "lessThanOrEqual": "6.6.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.10.7",
                            "lessThanOrEqual": "6.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.11",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/051c0a558154174cfcea301a386e4c91ade83ce1"
                },
                {
                    "url": "https://git.kernel.org/stable/c/027ac3c5092561bccce09b314a73a1c167117ef6"
                },
                {
                    "url": "https://git.kernel.org/stable/c/5a44bb061d04b0306f2aa8add761d86d152b9377"
                }
            ],
            "title": "KVM: s390: fix validity interception issue when gisa is switched off",
            "x_generator": {
                "engine": "bippy-c9c4e1df01b2"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-09-04T20:18:16.023485Z",
                                "id": "CVE-2024-45005",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-09-04T20:18:35.458Z"
                }
            }
        ]
    }
}