CVE-2024-53135

MEDIUM EPSS 13.2%
Published Dec 4, 20241y ago · Modified Jun 17, 20261w ago
6.5 CVSS 3.1
Medium
Find Similar
Published Dec 4, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad bugs in the implementation, some of which are fatal to the guest, and others which put the stability and health of the host at risk. For guest fatalities, the most glaring issue is that KVM fails to ensure tracing is disabled, and *stays* disabled prior to VM-Enter, which is necessary as hardware disallows loading (the guest's) RTIT_CTL if tracing is enabled (enforced via a VMX consistency check). Per the SDM: If the logical processor is operating with Intel PT enabled (if IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the "load IA32_RTIT_CTL" VM-entry control must be 0. On the host side, KVM doesn't validate the guest CPUID configuration provided by userspace, and even worse, uses the guest configuration to decide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring guest CPUID to enumerate more address ranges than are supported in hardware will result in KVM trying to passthrough, save, and load non-existent MSRs, which generates a variety of WARNs, ToPA ERRORs in the host, a potential deadlock, etc.

CVSS Details

Base Score
6.5
Exploitability
2.0
Impact
4.0
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
13.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥5.0  –  <6.1.119
linuxlinux_kernel*≥6.2  –  <6.6.63
linuxlinux_kernel*≥6.7  –  <6.11.10
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/aa0d42cacf093a6fcca872edc954f6f812926a17
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b8a1d572478b6f239061ee9578b2451bf2f021c2
  • git.kernel.org https://git.kernel.org/stable/c/b91bb0ce5cd7005b376eac690ec664c1b56372ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3742319d021f5aa3a0a8c828485fee14753f6de
  • git.kernel.org https://git.kernel.org/stable/c/d28b059ee4779b5102c5da6e929762520510e406
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d4b42f926adcce4e5ec193c714afd9d37bba8e5b
  • git.kernel.org https://git.kernel.org/stable/c/e6716f4230a8784957273ddd27326264b27b9313
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/aa0d42cacf093a6fcca872edc954f6f812926a17
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b91bb0ce5cd7005b376eac690ec664c1b56372ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d28b059ee4779b5102c5da6e929762520510e406
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e6716f4230a8784957273ddd27326264b27b9313
    Patch