Re: CVE-2023-52514: x86/reboot: VMCLEAR active VMCSes before emergency reboot

[Lee Jones]

On Mon, 11 Mar 2024, Michal Hocko wrote:

> On Sat 02-03-24 22:52:59, Greg KH wrote:
> > Description
> > ===========
> > 
> > In the Linux kernel, the following vulnerability has been resolved:
> > 
> > x86/reboot: VMCLEAR active VMCSes before emergency reboot
> > 
> > VMCLEAR active VMCSes before any emergency reboot, not just if the kernel
> > may kexec into a new kernel after a crash.  Per Intel's SDM, the VMX
> > architecture doesn't require the CPU to flush the VMCS cache on INIT.  If
> > an emergency reboot doesn't RESET CPUs, cached VMCSes could theoretically
> > be kept and only be written back to memory after the new kernel is booted,
> > i.e. could effectively corrupt memory after reboot.
> > 
> > Opportunistically remove the setting of the global pointer to NULL to make
> > checkpatch happy.
> > 
> > The Linux kernel CVE team has assigned CVE-2023-52514 to this issue.
> 
> I do not really see the security aspect of this fix. Guests systems
> shouldn't be able to trigger host reboot nor any untrusted entity should
> on the host either or this would be a serious security hole.
> 
> Or am I missing something?

Thanks for reporting.

If Sean and/or Paolo agree, we can revoke the CVE for you.

-- 
Lee Jones [李琼斯]