From: Michal Hocko <mhocko@suse.com>
To: Nikolay Borisov <nik.borisov@suse.com>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org,
linux-cve-announce@vger.kernel.org,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: CVE-2024-35802: x86/sev: Fix position dependent variable references in startup code
Date: Tue, 28 May 2024 10:51:52 +0200 [thread overview]
Message-ID: <ZlWbKDZh18KHTsgX@tiehlicka> (raw)
In-Reply-To: <b3a6ea47-8628-4edc-aee5-e5051955124a@suse.com>
On Thu 23-05-24 14:14:57, Nikolay Borisov wrote:
[...]
> I'd like to dispute this CVE since it doesn't constitute a security related
> bug. Sure, it might crash a SEV guest during boot but it doesn't constitute
> a security issue per-se.
Let me add analysis by Joerg here:
: This is not a security issue. The patch works around clangs compiler behavior
: where it inserts absolute references to kernel addresses. This breaks kernel
: boot because at the time this code runs the kernel still runs direct-mapped and
: needs to rely on RIP-relative addressing only.
:
: Any breakage there would be detected at early boot of the kernel by a fatal
: crash, which can not be exploited. Also, our kernels are not compiled with
: clang, so from that perspective this is also not an issue for us either.
So this is a functional fix for clang builds.
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2024-05-28 8:51 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-17 13:23 CVE-2024-35802: x86/sev: Fix position dependent variable references in startup code Greg Kroah-Hartman
2024-05-23 11:14 ` Nikolay Borisov
2024-05-23 11:21 ` Greg Kroah-Hartman
2024-05-23 12:01 ` Nikolay Borisov
2024-05-23 12:17 ` Greg Kroah-Hartman
2024-05-23 12:21 ` Nikolay Borisov
2024-05-23 12:38 ` Greg Kroah-Hartman
2024-05-28 8:51 ` Michal Hocko [this message]
2024-05-28 19:08 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZlWbKDZh18KHTsgX@tiehlicka \
--to=mhocko@suse.com \
--cc=cve@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-cve-announce@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nik.borisov@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.