CVE-2024-26816: x86, relocs: Ignore relocations in .notes section

* CVE-2024-26816: x86, relocs: Ignore relocations in .notes section
@ 2024-04-10 13:54 Greg Kroah-Hartman
  0 siblings, 0 replies; only message in thread
From: Greg Kroah-Hartman @ 2024-04-10 13:54 UTC (permalink / raw)
  To: linux-cve-announce; +Cc: Greg Kroah-Hartman

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

x86, relocs: Ignore relocations in .notes section

When building with CONFIG_XEN_PV=y, .text symbols are emitted into
the .notes section so that Xen can find the "startup_xen" entry point.
This information is used prior to booting the kernel, so relocations
are not useful. In fact, performing relocations against the .notes
section means that the KASLR base is exposed since /sys/kernel/notes
is world-readable.

To avoid leaking the KASLR base without breaking unprivileged tools that
are expecting to read /sys/kernel/notes, skip performing relocations in
the .notes section. The values readable in .notes are then identical to
those found in System.map.

The Linux kernel CVE team has assigned CVE-2024-26816 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 4.19.311 with commit 13edb509abc9
	Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 5.4.273 with commit 52018aa146e3
	Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 5.10.214 with commit a4e7ff1a7427
	Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 5.15.153 with commit c7cff9780297
	Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 6.1.83 with commit 47635b112a64
	Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 6.6.23 with commit af2a9f98d884
	Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 6.7.11 with commit ae7079238f6f
	Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 6.8.2 with commit 5cb59db49c9c
	Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 6.9-rc1 with commit aaa8736370db

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26816
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	arch/x86/tools/relocs.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03
	https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088
	https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a
	https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af
	https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723
	https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c
	https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa
	https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40
	https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b

^ permalink raw reply	[flat|nested] only message in thread