CVE-2024-45005

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45005
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45005.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-45005
Published
2024-09-04T19:54:47Z
Modified
2025-10-09T16:28:22.871077Z
Summary
KVM: s390: fix validity interception issue when gisa is switched off
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: s390: fix validity interception issue when gisa is switched off

We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.use_gisa=0" or by setting the related sysfs attribute to N (echo N >/sys/module/kvm/parameters/use_gisa).

The validity is caused by an invalid value in the SIE control block's gisa designation. That happens because we pass the uninitialized gisa origin to virt_to_phys() before writing it to the gisa designation.

To fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0. kvm_s390_get_gisa_desc() is used to determine which gisa designation to set in the SIE control block. A value of 0 in the gisa designation disables gisa usage.

The issue surfaces in the host kernel with the following kernel message as soon as a new kvm guest start is attempted.

kvm: unhandled validity intercept 0x1011
WARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]
Modules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]
CPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6
Hardware name: IBM 3931 A01 701 (LPAR)
Krnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])
           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
Krnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000
           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff
           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412
           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960
Krnl Code: 000003d93deb0112: c020fffe7259 larl %r2,000003d93de7e5c4
           000003d93deb0118: c0e53fa8beac brasl %r14,000003d9bd3c7e70
          #000003d93deb011e: af000000 mc 0,0
           000003d93deb0122: a728ffea lhi %r2,-22
           000003d93deb0126: a7f4fe24 brc 15,000003d93deafd6e
           000003d93deb012a: 9101f0b0 tm 176(%r15),1
           000003d93deb012e: a774fe48 brc 7,000003d93deafdbe
           000003d93deb0132: 40a0f0ae sth %r10,174(%r15)
Call Trace:
 [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]
([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])
 [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]
 [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]
 [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]
 [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]
 [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70
 [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0
 [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0
 [<000003d9be0f9a90>] system_call+0x70/0x98
Last Breaking-Event-Address:
 [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fe0ef00304639cae82df7c9ad6a15286bd5f876e
Fixed
051c0a558154174cfcea301a386e4c91ade83ce1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fe0ef00304639cae82df7c9ad6a15286bd5f876e
Fixed
027ac3c5092561bccce09b314a73a1c167117ef6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fe0ef00304639cae82df7c9ad6a15286bd5f876e
Fixed
5a44bb061d04b0306f2aa8add761d86d152b9377

Affected versions

v6.*

v6.1
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.11-rc1
v6.11-rc2
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.48
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.7
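
A host-side triage check built from this record, as an added example that is not part of the advisory or of the kernel project's code: it combines the ECOSYSTEM ranges listed above with the trigger condition from the Details (s390x host, gisa switched off) and scans kernel log lines for the quoted message. The function names, the sample log lines and the assumption that the sysfs attribute reads back as `N` or `0` when gisa is off are illustrative.

```python
import re

# Ranges from this record's "Linux / Kernel" ECOSYSTEM events: (introduced, fixed).
# Upstream versions only; a distribution kernel may carry the fix as a backport.
AFFECTED_RANGES = [((6, 2, 0), (6, 6, 48)), ((6, 7, 0), (6, 10, 7))]
# Host log signature quoted in the Details section.
SIGNATURE = re.compile(r"kvm: unhandled validity intercept (0x[0-9a-fA-F]+)")


def parse_release(release):
    """Turn a `uname -r` string such as '6.10.0-08682-g...' into (6, 10, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())


def in_affected_range(release):
    """True if introduced <= release < fixed for any range on this page."""
    v = parse_release(release)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def gisa_disabled(param_value):
    """Interpret /sys/module/kvm/parameters/use_gisa (assumed: N or 0 = off)."""
    return param_value.strip() in ("N", "n", "0")


def triage(arch, release, use_gisa, log_lines):
    """Return (exposed, hits).

    exposed: s390x host, kernel inside an affected range, gisa switched off.
    hits: validity intercept codes already present in the supplied log lines.
    """
    exposed = (arch == "s390x" and in_affected_range(release)
               and gisa_disabled(use_gisa))
    hits = [m.group(1) for line in log_lines
            if (m := SIGNATURE.search(line))]
    return exposed, hits


# Constructed sample input; on a real host take these from `uname -m`,
# `uname -r`, the sysfs attribute and the kernel log.
SAMPLE_LOG = [
    "[  812.1] kvm: unhandled validity intercept 0x1011",
    "[  812.1] WARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101",
]

if __name__ == "__main__":
    print(triage("s390x", "6.10.0-08682-gcad9f11498ea", "N\n", SAMPLE_LOG))
    print(triage("s390x", "6.10.7", "N\n", []))
```
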