{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-38610","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-18T19:36:34.942Z","datePublished":"2024-06-19T13:56:12.083Z","dateUpdated":"2025-05-04T12:56:52.947Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:56:52.947Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()\n\nPatch series \"mm: follow_pte() improvements and acrn follow_pte() fixes\".\n\nPatch #1 fixes a bunch of issues I spotted in the acrn driver.  It\ncompiles, that's all I know.  I'll appreciate some review and testing from\nacrn folks.\n\nPatch #2+#3 improve follow_pte(), passing a VMA instead of the MM, adding\nmore sanity checks, and improving the documentation.  Gave it a quick test\non x86-64 using VM_PAT that ends up using follow_pte().\n\n\nThis patch (of 3):\n\nWe currently miss handling various cases, resulting in a dangerous\nfollow_pte() (previously follow_pfn()) usage.\n\n(1) We're not checking PTE write permissions.\n\nMaybe we should simply always require pte_write() like we do for\npin_user_pages_fast(FOLL_WRITE)? Hard to tell, so let's check for\nACRN_MEM_ACCESS_WRITE for now.\n\n(2) We're not rejecting refcounted pages.\n\nAs we are not using MMU notifiers, messing with refcounted pages is\ndangerous and can result in use-after-free. Let's make sure to reject them.\n\n(3) We are only looking at the first PTE of a bigger range.\n\nWe only lookup a single PTE, but memmap->len may span a larger area.\nLet's loop over all involved PTEs and make sure the PFN range is\nactually contiguous. Reject everything else: it couldn't have worked\neither way, and rather made use access PFNs we shouldn't be accessing."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/virt/acrn/mm.c"],"versions":[{"version":"b9c43aa0b18da5619aac347d54cb67fe30d1f884","lessThan":"5c6705aa47b5b78d7ad36fea832bb69caa5bf49a","status":"affected","versionType":"git"},{"version":"8a6e85f75a83d16a71077e41f2720c691f432002","lessThan":"afeb0e69627695f759fc73c39c1640dbf8649b32","status":"affected","versionType":"git"},{"version":"8a6e85f75a83d16a71077e41f2720c691f432002","lessThan":"e873f36ec890bece26ecce850e969917bceebbb6","status":"affected","versionType":"git"},{"version":"8a6e85f75a83d16a71077e41f2720c691f432002","lessThan":"4c4ba3cf3a15ccfbaf787d0296fa42cdb00da9b4","status":"affected","versionType":"git"},{"version":"8a6e85f75a83d16a71077e41f2720c691f432002","lessThan":"2c8d6e24930b8ef7d4a81787627c559ae0e0d3bb","status":"affected","versionType":"git"},{"version":"8a6e85f75a83d16a71077e41f2720c691f432002","lessThan":"3d6586008f7b638f91f3332602592caa8b00b559","status":"affected","versionType":"git"},{"version":"149d5fb7e0124c3763e92edd1fde19417f4d2d09","status":"affected","versionType":"git"},{"version":"02098ac42b7ff055ec72cd083ee1eb0a23481a19","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/virt/acrn/mm.c"],"versions":[{"version":"5.18","status":"affected"},{"version":"0","lessThan":"5.18","status":"unaffected","versionType":"semver"},{"version":"5.15.161","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.93","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.33","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.12","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9.3","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.33","versionEndExcluding":"5.15.161"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.1.93"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.6.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.8.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.9.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5c6705aa47b5b78d7ad36fea832bb69caa5bf49a"},{"url":"https://git.kernel.org/stable/c/afeb0e69627695f759fc73c39c1640dbf8649b32"},{"url":"https://git.kernel.org/stable/c/e873f36ec890bece26ecce850e969917bceebbb6"},{"url":"https://git.kernel.org/stable/c/4c4ba3cf3a15ccfbaf787d0296fa42cdb00da9b4"},{"url":"https://git.kernel.org/stable/c/2c8d6e24930b8ef7d4a81787627c559ae0e0d3bb"},{"url":"https://git.kernel.org/stable/c/3d6586008f7b638f91f3332602592caa8b00b559"}],"title":"drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-24T18:14:59.732296Z","id":"CVE-2024-38610","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-24T18:15:07.284Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T04:12:25.993Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/5c6705aa47b5b78d7ad36fea832bb69caa5bf49a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/afeb0e69627695f759fc73c39c1640dbf8649b32","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e873f36ec890bece26ecce850e969917bceebbb6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/4c4ba3cf3a15ccfbaf787d0296fa42cdb00da9b4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2c8d6e24930b8ef7d4a81787627c559ae0e0d3bb","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3d6586008f7b638f91f3332602592caa8b00b559","tags":["x_transferred"]}]}]}}