In the Linux kernel, the following vulnerability has been...
High severity
Unreviewed
Published Feb 23, 2024 to the GitHub Advisory Database • Updated Apr 27, 2024
Description
Published by the National Vulnerability Database: Feb 23, 2024
In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache

There is a potential UAF scenario in the case of an LPI translation
cache hit racing with an operation that invalidates the cache, such
as a DISCARD ITS command. The root of the problem is that
vgic_its_check_cache() does not elevate the refcount on the vgic_irq
before dropping the lock that serializes refcount changes.

Have vgic_its_check_cache() raise the refcount on the returned vgic_irq
and add the corresponding decrement after queueing the interrupt.
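
The locking pattern the fix relies on, shown as an added user-space model that is not the kernel's code: the lookup takes the caller's reference while still holding the lock, so an invalidation that runs right after the hit cannot free the object under the caller. All names here (`struct irq`, `cache_slot`, `cache_lookup_get`, `cache_invalidate`, `irq_put`, `frees`) and the value 8192 are constructed for illustration.

```c
#include <pthread.h>
#include <stdlib.h>

struct irq { int refcount; int intid; }; /* hypothetical stand-in for vgic_irq */
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; /* serializes refcount changes */
static struct irq *cache_slot; /* one-entry cache; owns one reference */
static int frees;              /* counts frees so lifetime is observable */

static void irq_put(struct irq *irq) { /* last put frees the object */
    pthread_mutex_lock(&lock);
    int last = (--irq->refcount == 0);
    pthread_mutex_unlock(&lock);
    if (last) { frees++; free(irq); }
}

static void cache_insert(int intid) { /* cache holds the initial reference */
    struct irq *irq = malloc(sizeof(*irq));
    if (!irq) abort();
    irq->refcount = 1; irq->intid = intid;
    pthread_mutex_lock(&lock);
    cache_slot = irq;
    pthread_mutex_unlock(&lock);
}

/* Cache hit: raise the refcount BEFORE dropping the lock, as the fix does. */
static struct irq *cache_lookup_get(void) {
    pthread_mutex_lock(&lock);
    struct irq *irq = cache_slot;
    if (irq) irq->refcount++; /* without this the returned pointer can dangle */
    pthread_mutex_unlock(&lock);
    return irq;
}

/* Invalidation (the role DISCARD plays): unlink, then drop the cache's ref. */
static void cache_invalidate(void) {
    pthread_mutex_lock(&lock);
    struct irq *irq = cache_slot; cache_slot = NULL;
    pthread_mutex_unlock(&lock);
    if (irq) irq_put(irq);
}

int main(void) { /* hit, then invalidation, then use, then put */
    cache_insert(8192);
    struct irq *irq = cache_lookup_get();
    cache_invalidate(); /* cache ref dropped; the caller's ref keeps irq alive */
    int ok = (frees == 0 && irq->intid == 8192);
    irq_put(irq); /* decrement after use; last reference, so freed here */
    return (ok && frees == 1) ? 0 : 1;
}
```

If the increment in `cache_lookup_get()` is removed, the same sequence frees the object inside `cache_invalidate()` and the later read of `irq->intid` touches freed memory, which a build with AddressSanitizer reports.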