Description
In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION Drop the WARN in sev_pin_memory() on npages overflowing an int, as the WARN is comically trivially to trigger from userspace, e.g. by doing: struct kvm_enc_region range = { .addr = 0, .size = -1ul, }; __vm_ioctl(vm, KVM_MEMORY_ENCRYPT_REG_REGION, &range); Note, the checks in sev_mem_enc_register_region() that presumably exist to verify the incoming address+size are completely worthless, as both "addr" and "size" are u64s and SEV is 64-bit only, i.e. they _can't_ be greater than ULONG_MAX. That wart will be cleaned up in the near future. if (range->addr > ULONG_MAX || range->size > ULONG_MAX) return -EINVAL; Opportunistically add a comment to explain why the code calculates the number of pages the "hard" way, e.g. instead of just shifting @ulen.
Product status
78824fabc72e5e37d51e6e567fde70a4fc41a6d7 (git) before 6a8e3c82122737529b25ef2a048fbcc569d8c055
78824fabc72e5e37d51e6e567fde70a4fc41a6d7 (git) before a703933bcfa5cc76ca10e2048464600e74136099
78824fabc72e5e37d51e6e567fde70a4fc41a6d7 (git) before abcd43ff579abd0a654bb4636086e78819dd5f4c
78824fabc72e5e37d51e6e567fde70a4fc41a6d7 (git) before b670833749ffd8681361db2bb047c6f2e3075f3a
78824fabc72e5e37d51e6e567fde70a4fc41a6d7 (git) before ab423e5892826202a660b5ac85d1125b0e8301a5
78824fabc72e5e37d51e6e567fde70a4fc41a6d7 (git) before 28cc13ca20431b127d42d84ba10898d03e2c8267
78824fabc72e5e37d51e6e567fde70a4fc41a6d7 (git) before c29ff288a2d97a6f4640a498a367cf0eb91312eb
78824fabc72e5e37d51e6e567fde70a4fc41a6d7 (git) before 1cba4dcd795daf6d257122779fb6a349edf03914
78824fabc72e5e37d51e6e567fde70a4fc41a6d7 (git) before 8acffeef5ef720c35e513e322ab08e32683f32f2
5.9
Any version before 5.9
5.10.258 (semver)
5.15.209 (semver)
6.1.175 (semver)
6.6.136 (semver)
6.12.83 (semver)
6.18.24 (semver)
6.19.14 (semver)
7.0.1 (semver)
7.1-rc1 (original_commit_for_fix)
References
git.kernel.org/...c/6a8e3c82122737529b25ef2a048fbcc569d8c055
git.kernel.org/...c/a703933bcfa5cc76ca10e2048464600e74136099
git.kernel.org/...c/abcd43ff579abd0a654bb4636086e78819dd5f4c
git.kernel.org/...c/b670833749ffd8681361db2bb047c6f2e3075f3a
git.kernel.org/...c/ab423e5892826202a660b5ac85d1125b0e8301a5
git.kernel.org/...c/28cc13ca20431b127d42d84ba10898d03e2c8267
git.kernel.org/...c/c29ff288a2d97a6f4640a498a367cf0eb91312eb
git.kernel.org/...c/1cba4dcd795daf6d257122779fb6a349edf03914
git.kernel.org/...c/8acffeef5ef720c35e513e322ab08e32683f32f2