From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Michael Ellerman <mpe@ellerman.id.au>
Cc: Geoff Levand <geoff@infradead.org>,
	cve@kernel.org, linux-kernel@vger.kernel.org,
	linux-cve-announce@vger.kernel.org,
	linuxppc-dev@lists.ozlabs.org
Subject: Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
Date: Tue, 21 May 2024 09:04:20 +0200
Message-ID: <2024052108-observing-veteran-a175@gregkh>
In-Reply-To: <8734qc3v1m.fsf@mail.lhotse>

On Tue, May 21, 2024 at 09:47:33AM +1000, Michael Ellerman wrote:
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> > On Mon, May 20, 2024 at 05:35:32PM +0900, Geoff Levand wrote:
> >> On 5/20/24 16:04, Michael Ellerman wrote:
> >> > Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> >> >> Description
> >> >> ===========
> >> >>
> >> >> In the Linux kernel, the following vulnerability has been resolved:
> >> >>
> >> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
> >> >>
> >> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
> >> >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
> >> >> that is incompatible with the current code for the PS3's LV1 hypervisor
> >> >> calls.
> >> >>
> >> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
> >> >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
> >> >>
> >> >> Fixes run time errors like these:
> >> >>
> >> >>   BUG: Kernel NULL pointer dereference at 0x00000000
> >> >>   Faulting instruction address: 0xc000000000047cf0
> >> >>   Oops: Kernel access of bad area, sig: 11 [#1]
> >> >>   Call Trace:
> >> >>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
> >> >>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
> >> >>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
> >> >>
> >> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.
> >> > 
> >> > IMHO this doesn't warrant a CVE. The crash mentioned above happens at
> >> > boot, so the system is not vulnerable it's just broken :)
> >> 
> >> As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't
> >> boot, so there is no chance of a vulnerability.
> >
> > The definition of "vulnerability" from CVE.org is:
> > 	An instance of one or more weaknesses in a Product that can be
> > 	exploited, causing a negative impact to confidentiality, integrity, or
> > 	availability; a set of conditions or behaviors that allows the
> > 	violation of an explicit or implicit security policy.
> >
> > Having a system that does not boot is a "negative impact to
> > availability", which is why this was selected for a CVE.  I.e. if a new
> > kernel update has this problem in it, it would not allow the system to
> > boot correctly.
> 
> I think the key word above is "exploited", implying some sort of
> unauthorised action.
> 
> This bug can cause the system to not boot, but only by someone who
> builds a new kernel and installs it - and if they have permission to do
> that they can just replace the kernel with anything, they don't need a
> bug.
> 
> > But, if the maintainer of the subsystem thinks this should not be
> > assigned a CVE because of this fix, we'll be glad to revoke it.
> >
> > Michael, still want this revoked?
> 
> Yes please.

Now rejected, thanks all for the review!

greg k-h
