CVE-2024-53687

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-53687
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53687.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-53687
Published
2025-01-11T12:29:50Z
Modified
2025-10-17T17:57:13.141594Z
Summary
riscv: Fix IPIs usage in kfence_protect_page()
Details

In the Linux kernel, the following vulnerability has been resolved:

riscv: Fix IPIs usage in kfence_protect_page()

flush_tlb_kernel_range() may use IPIs to flush the TLBs of all the cores, which triggers the following warning when the irqs are disabled:

[ 3.455330] WARNING: CPU: 1 PID: 0 at kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520
[ 3.456647] Modules linked in:
[ 3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-00010-g91d3de7240b8 #1
[ 3.457416] Hardware name: QEMU QEMU Virtual Machine, BIOS
[ 3.457633] epc : smp_call_function_many_cond+0x452/0x520
[ 3.457736] ra : on_each_cpu_cond_mask+0x1e/0x30
[ 3.457786] epc : ffffffff800b669a ra : ffffffff800b67c2 sp : ff2000000000bb50
[ 3.457824] gp : ffffffff815212b8 tp : ff6000008014f080 t0 : 000000000000003f
[ 3.457859] t1 : ffffffff815221e0 t2 : 000000000000000f s0 : ff2000000000bc10
[ 3.457920] s1 : 0000000000000040 a0 : ffffffff815221e0 a1 : 0000000000000001
[ 3.457953] a2 : 0000000000010000 a3 : 0000000000000003 a4 : 0000000000000000
[ 3.458006] a5 : 0000000000000000 a6 : ffffffffffffffff a7 : 0000000000000000
[ 3.458042] s2 : ffffffff815223be s3 : 00fffffffffff000 s4 : ff600001ffe38fc0
[ 3.458076] s5 : ff600001ff950d00 s6 : 0000000200000120 s7 : 0000000000000001
[ 3.458109] s8 : 0000000000000001 s9 : ff60000080841ef0 s10: 0000000000000001
[ 3.458141] s11: ffffffff81524812 t3 : 0000000000000001 t4 : ff60000080092bc0
[ 3.458172] t5 : 0000000000000000 t6 : ff200000000236d0
[ 3.458203] status: 0000000200000100 badaddr: ffffffff800b669a cause: 0000000000000003
[ 3.458373] [<ffffffff800b669a>] smp_call_function_many_cond+0x452/0x520
[ 3.458593] [<ffffffff800b67c2>] on_each_cpu_cond_mask+0x1e/0x30
[ 3.458625] [<ffffffff8000e4ca>] __flush_tlb_range+0x118/0x1ca
[ 3.458656] [<ffffffff8000e6b2>] flush_tlb_kernel_range+0x1e/0x26
[ 3.458683] [<ffffffff801ea56a>] kfence_protect+0xc0/0xce
[ 3.458717] [<ffffffff801e9456>] kfence_guarded_free+0xc6/0x1c0
[ 3.458742] [<ffffffff801e9d6c>] __kfence_free+0x62/0xc6
[ 3.458764] [<ffffffff801c57d8>] kfree+0x106/0x32c
[ 3.458786] [<ffffffff80588cf2>] detach_buf_split+0x188/0x1a8
[ 3.458816] [<ffffffff8058708c>] virtqueue_get_buf_ctx+0xb6/0x1f6
[ 3.458839] [<ffffffff805871da>] virtqueue_get_buf+0xe/0x16
[ 3.458880] [<ffffffff80613d6a>] virtblk_done+0x5c/0xe2
[ 3.458908] [<ffffffff8058766e>] vring_interrupt+0x6a/0x74
[ 3.458930] [<ffffffff800747d8>] __handle_irq_event_percpu+0x7c/0xe2
[ 3.458956] [<ffffffff800748f0>] handle_irq_event+0x3c/0x86
[ 3.458978] [<ffffffff800786cc>] handle_simple_irq+0x9e/0xbe
[ 3.459004] [<ffffffff80073934>] generic_handle_domain_irq+0x1c/0x2a
[ 3.459027] [<ffffffff804bf87c>] imsic_handle_irq+0xba/0x120
[ 3.459056] [<ffffffff80073934>] generic_handle_domain_irq+0x1c/0x2a
[ 3.459080] [<ffffffff804bdb76>] riscv_intc_aia_irq+0x24/0x34
[ 3.459103] [<ffffffff809d0452>] handle_riscv_irq+0x2e/0x4c
[ 3.459133] [<ffffffff809d923e>] call_on_irq_stack+0x32/0x40

So only flush the local TLB and let the lazy kfence page fault handling deal with the faults which could happen when a core has an old protected pte version cached in its TLB. That leads to potential inaccuracies which can be tolerated when using kfence.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
47513f243b452a5e21180dcf3d6ac1c57e1781a6
Fixed
6f796a6a396d6f963f2cc8f5edd7dfba2cca097f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
47513f243b452a5e21180dcf3d6ac1c57e1781a6
Fixed
3abfc4130c4222099c69d023fed97f1180a8ad7b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
47513f243b452a5e21180dcf3d6ac1c57e1781a6
Fixed
b3431a8bb336cece8adc452437befa7d4534b2fd

Affected versions

v5.*

v5.13
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.13-rc1
v6.13-rc2
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "id": "CVE-2024-53687-0cef2deb",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3431a8bb336cece8adc452437befa7d4534b2fd",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "317801251419210508945689768890215603486",
                "264948357446670492808380390552734136642",
                "2321854545154043768602319770440967639",
                "116710117829717664041106356463285632300"
            ]
        },
        "deprecated": false,
        "target": {
            "file": "arch/riscv/include/asm/kfence.h"
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "id": "CVE-2024-53687-33ed0601",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3abfc4130c4222099c69d023fed97f1180a8ad7b",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "317801251419210508945689768890215603486",
                "264948357446670492808380390552734136642",
                "2321854545154043768602319770440967639",
                "116710117829717664041106356463285632300"
            ]
        },
        "deprecated": false,
        "target": {
            "file": "arch/riscv/include/asm/kfence.h"
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "id": "CVE-2024-53687-3cc896a4",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3431a8bb336cece8adc452437befa7d4534b2fd",
        "digest": {
            "length": 340.0,
            "function_hash": "105214260001223855548545307890330998135"
        },
        "deprecated": false,
        "target": {
            "function": "kfence_protect_page",
            "file": "arch/riscv/include/asm/kfence.h"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "id": "CVE-2024-53687-6f16f3a8",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6f796a6a396d6f963f2cc8f5edd7dfba2cca097f",
        "digest": {
            "length": 340.0,
            "function_hash": "105214260001223855548545307890330998135"
        },
        "deprecated": false,
        "target": {
            "function": "kfence_protect_page",
            "file": "arch/riscv/include/asm/kfence.h"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "id": "CVE-2024-53687-af362ad5",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6f796a6a396d6f963f2cc8f5edd7dfba2cca097f",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "317801251419210508945689768890215603486",
                "264948357446670492808380390552734136642",
                "2321854545154043768602319770440967639",
                "116710117829717664041106356463285632300"
            ]
        },
        "deprecated": false,
        "target": {
            "file": "arch/riscv/include/asm/kfence.h"
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "id": "CVE-2024-53687-c0fb3e09",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3abfc4130c4222099c69d023fed97f1180a8ad7b",
        "digest": {
            "length": 340.0,
            "function_hash": "105214260001223855548545307890330998135"
        },
        "deprecated": false,
        "target": {
            "function": "kfence_protect_page",
            "file": "arch/riscv/include/asm/kfence.h"
        },
        "signature_type": "Function"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.14.0
Fixed
6.6.67
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.6