CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

[Greg Kroah-Hartman]

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
that is incompatible with the current code for the PS3's LV1 hypervisor
calls.

This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.

Fixes run time errors like these:

  BUG: Kernel NULL pointer dereference at 0x00000000
  Faulting instruction address: 0xc000000000047cf0
  Oops: Kernel access of bad area, sig: 11 [#1]
  Call Trace:
  [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
  [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
  [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8

The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 6.5 with commit 8c5fa3b5c4df and fixed in 6.6.15 with commit f70557d48215
	Issue introduced in 6.5 with commit 8c5fa3b5c4df and fixed in 6.7.3 with commit d0f0780f03df
	Issue introduced in 6.5 with commit 8c5fa3b5c4df and fixed in 6.8 with commit 482b718a84f0

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52665
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	arch/powerpc/configs/ps3_defconfig


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/f70557d48215b14a9284ac3a6ae7e4ee1d039f10
	https://git.kernel.org/stable/c/d0f0780f03df54d08ced118d27834ee5008724e4
	https://git.kernel.org/stable/c/482b718a84f08b6fc84879c3e90cc57dba11c115

Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

[Michael Ellerman]

Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
>
> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
> that is incompatible with the current code for the PS3's LV1 hypervisor
> calls.
>
> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
>
> Fixes run time errors like these:
>
>   BUG: Kernel NULL pointer dereference at 0x00000000
>   Faulting instruction address: 0xc000000000047cf0
>   Oops: Kernel access of bad area, sig: 11 [#1]
>   Call Trace:
>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
>
> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.

IMHO this doesn't warrant a CVE. The crash mentioned above happens at
boot, so the system is not vulnerable it's just broken :)

cheers

Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

[Michael Ellerman]

Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
>
> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
> that is incompatible with the current code for the PS3's LV1 hypervisor
> calls.
>
> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
>
> Fixes run time errors like these:
>
>   BUG: Kernel NULL pointer dereference at 0x00000000
>   Faulting instruction address: 0xc000000000047cf0
>   Oops: Kernel access of bad area, sig: 11 [#1]
>   Call Trace:
>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
>
> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.

IMHO this doesn't warrant a CVE. The crash mentioned above happens at
boot, so the system is not vulnerable it's just broken :)

cheers

Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

[Geoff Levand]

On 5/20/24 16:04, Michael Ellerman wrote:
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
>> Description
>> ===========
>>
>> In the Linux kernel, the following vulnerability has been resolved:
>>
>> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
>>
>> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
>> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
>> that is incompatible with the current code for the PS3's LV1 hypervisor
>> calls.
>>
>> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
>> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
>>
>> Fixes run time errors like these:
>>
>>   BUG: Kernel NULL pointer dereference at 0x00000000
>>   Faulting instruction address: 0xc000000000047cf0
>>   Oops: Kernel access of bad area, sig: 11 [#1]
>>   Call Trace:
>>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
>>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
>>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
>>
>> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.
> 
> IMHO this doesn't warrant a CVE. The crash mentioned above happens at
> boot, so the system is not vulnerable it's just broken :)

As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't
boot, so there is no chance of a vulnerability.

-Geoff

Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

[Greg Kroah-Hartman]

On Mon, May 20, 2024 at 05:35:32PM +0900, Geoff Levand wrote:
> On 5/20/24 16:04, Michael Ellerman wrote:
> > Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> >> Description
> >> ===========
> >>
> >> In the Linux kernel, the following vulnerability has been resolved:
> >>
> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
> >>
> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
> >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
> >> that is incompatible with the current code for the PS3's LV1 hypervisor
> >> calls.
> >>
> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
> >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
> >>
> >> Fixes run time errors like these:
> >>
> >>   BUG: Kernel NULL pointer dereference at 0x00000000
> >>   Faulting instruction address: 0xc000000000047cf0
> >>   Oops: Kernel access of bad area, sig: 11 [#1]
> >>   Call Trace:
> >>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
> >>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
> >>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
> >>
> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.
> > 
> > IMHO this doesn't warrant a CVE. The crash mentioned above happens at
> > boot, so the system is not vulnerable it's just broken :)
> 
> As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't
> boot, so there is no chance of a vulnerability.

The definition of "vulnerability" from CVE.org is:
	An instance of one or more weaknesses in a Product that can be
	exploited, causing a negative impact to confidentiality, integrity, or
	availability; a set of conditions or behaviors that allows the
	violation of an explicit or implicit security policy.

Having a system that does not boot is a "negative impact to
availability", which is why this was selected for a CVE.  I.e. if a new
kernel update has this problem in it, it would not allow the system to
boot correctly.

But, if the maintainer of the subsystem thinks this should not be
assigned a CVE because of this fix, we'll be glad to revoke it.

Michael, still want this revoked?

thanks,

greg k-h

Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

[Michael Ellerman]

Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> On Mon, May 20, 2024 at 05:35:32PM +0900, Geoff Levand wrote:
>> On 5/20/24 16:04, Michael Ellerman wrote:
>> > Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
>> >> Description
>> >> ===========
>> >>
>> >> In the Linux kernel, the following vulnerability has been resolved:
>> >>
>> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
>> >>
>> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
>> >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
>> >> that is incompatible with the current code for the PS3's LV1 hypervisor
>> >> calls.
>> >>
>> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
>> >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
>> >>
>> >> Fixes run time errors like these:
>> >>
>> >>   BUG: Kernel NULL pointer dereference at 0x00000000
>> >>   Faulting instruction address: 0xc000000000047cf0
>> >>   Oops: Kernel access of bad area, sig: 11 [#1]
>> >>   Call Trace:
>> >>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
>> >>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
>> >>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
>> >>
>> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.
>> > 
>> > IMHO this doesn't warrant a CVE. The crash mentioned above happens at
>> > boot, so the system is not vulnerable it's just broken :)
>> 
>> As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't
>> boot, so there is no chance of a vulnerability.
>
> The definition of "vulnerability" from CVE.org is:
> 	An instance of one or more weaknesses in a Product that can be
> 	exploited, causing a negative impact to confidentiality, integrity, or
> 	availability; a set of conditions or behaviors that allows the
> 	violation of an explicit or implicit security policy.
>
> Having a system that does not boot is a "negative impact to
> availability", which is why this was selected for a CVE.  I.e. if a new
> kernel update has this problem in it, it would not allow the system to
> boot correctly.

I think the key word above is "exploited", implying some sort of
unauthorised action.

This bug can cause the system to not boot, but only by someone who
builds a new kernel and installs it - and if they have permission to do
that they can just replace the kernel with anything, they don't need a
bug.

> But, if the maintainer of the subsystem thinks this should not be
> assigned a CVE because of this fix, we'll be glad to revoke it.
>
> Michael, still want this revoked?

Yes please.

cheers

Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

[Greg Kroah-Hartman]

On Tue, May 21, 2024 at 09:47:33AM +1000, Michael Ellerman wrote:
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> > On Mon, May 20, 2024 at 05:35:32PM +0900, Geoff Levand wrote:
> >> On 5/20/24 16:04, Michael Ellerman wrote:
> >> > Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> >> >> Description
> >> >> ===========
> >> >>
> >> >> In the Linux kernel, the following vulnerability has been resolved:
> >> >>
> >> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
> >> >>
> >> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
> >> >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
> >> >> that is incompatible with the current code for the PS3's LV1 hypervisor
> >> >> calls.
> >> >>
> >> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
> >> >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
> >> >>
> >> >> Fixes run time errors like these:
> >> >>
> >> >>   BUG: Kernel NULL pointer dereference at 0x00000000
> >> >>   Faulting instruction address: 0xc000000000047cf0
> >> >>   Oops: Kernel access of bad area, sig: 11 [#1]
> >> >>   Call Trace:
> >> >>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
> >> >>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
> >> >>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
> >> >>
> >> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.
> >> > 
> >> > IMHO this doesn't warrant a CVE. The crash mentioned above happens at
> >> > boot, so the system is not vulnerable it's just broken :)
> >> 
> >> As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't
> >> boot, so there is no chance of a vulnerability.
> >
> > The definition of "vulnerability" from CVE.org is:
> > 	An instance of one or more weaknesses in a Product that can be
> > 	exploited, causing a negative impact to confidentiality, integrity, or
> > 	availability; a set of conditions or behaviors that allows the
> > 	violation of an explicit or implicit security policy.
> >
> > Having a system that does not boot is a "negative impact to
> > availability", which is why this was selected for a CVE.  I.e. if a new
> > kernel update has this problem in it, it would not allow the system to
> > boot correctly.
> 
> I think the key word above is "exploited", implying some sort of
> unauthorised action.
> 
> This bug can cause the system to not boot, but only by someone who
> builds a new kernel and installs it - and if they have permission to do
> that they can just replace the kernel with anything, they don't need a
> bug.
> 
> > But, if the maintainer of the subsystem thinks this should not be
> > assigned a CVE because of this fix, we'll be glad to revoke it.
> >
> > Michael, still want this revoked?
> 
> Yes please.

Now rejected, thanks all for the review!

greg k-h

Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

[Greg Kroah-Hartman]

On Tue, May 21, 2024 at 09:47:33AM +1000, Michael Ellerman wrote:
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> > On Mon, May 20, 2024 at 05:35:32PM +0900, Geoff Levand wrote:
> >> On 5/20/24 16:04, Michael Ellerman wrote:
> >> > Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> >> >> Description
> >> >> ===========
> >> >>
> >> >> In the Linux kernel, the following vulnerability has been resolved:
> >> >>
> >> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
> >> >>
> >> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
> >> >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
> >> >> that is incompatible with the current code for the PS3's LV1 hypervisor
> >> >> calls.
> >> >>
> >> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
> >> >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
> >> >>
> >> >> Fixes run time errors like these:
> >> >>
> >> >>   BUG: Kernel NULL pointer dereference at 0x00000000
> >> >>   Faulting instruction address: 0xc000000000047cf0
> >> >>   Oops: Kernel access of bad area, sig: 11 [#1]
> >> >>   Call Trace:
> >> >>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
> >> >>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
> >> >>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
> >> >>
> >> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.
> >> > 
> >> > IMHO this doesn't warrant a CVE. The crash mentioned above happens at
> >> > boot, so the system is not vulnerable it's just broken :)
> >> 
> >> As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't
> >> boot, so there is no chance of a vulnerability.
> >
> > The definition of "vulnerability" from CVE.org is:
> > 	An instance of one or more weaknesses in a Product that can be
> > 	exploited, causing a negative impact to confidentiality, integrity, or
> > 	availability; a set of conditions or behaviors that allows the
> > 	violation of an explicit or implicit security policy.
> >
> > Having a system that does not boot is a "negative impact to
> > availability", which is why this was selected for a CVE.  I.e. if a new
> > kernel update has this problem in it, it would not allow the system to
> > boot correctly.
> 
> I think the key word above is "exploited", implying some sort of
> unauthorised action.
> 
> This bug can cause the system to not boot, but only by someone who
> builds a new kernel and installs it - and if they have permission to do
> that they can just replace the kernel with anything, they don't need a
> bug.
> 
> > But, if the maintainer of the subsystem thinks this should not be
> > assigned a CVE because of this fix, we'll be glad to revoke it.
> >
> > Michael, still want this revoked?
> 
> Yes please.

Now rejected, thanks all for the review!

greg k-h