CVE-2024-26761 Affecting kernel-syms-azure package, versions <6.4.0-150600.8.17.1


Severity

Recommended
0.0
medium
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES156-KERNELSYMSAZURE-8376763
  • published14 Nov 2024
  • disclosed13 Nov 2024

Introduced: 13 Nov 2024

CVE-2024-26761  (opens in a new tab)

How to fix?

Upgrade SLES:15.6 kernel-syms-azure to version 6.4.0-150600.8.17.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-syms-azure package and not the kernel-syms-azure package as distributed by SLES. See How to fix? for SLES:15.6 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window

The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed with are system physical addresses (SPA).

During HDM decoder setup, the DVSEC CXL range registers (cxl-3.1, 8.1.3.8) are checked if the memory is enabled and the CXL range is in a HPA window that is described in a CFMWS structure of the CXL host bridge (cxl-3.1, 9.18.1.3).

Now, if the HPA is not an SPA, the CXL range does not match a CFMWS window and the CXL memory range will be disabled then. The HDM decoder stops working which causes system memory being disabled and further a system hang during HDM decoder initialization, typically when a CXL enabled kernel boots.

Prevent a system hang and do not disable the HDM decoder if the decoder's CXL range is not found in a CFMWS window.

Note the change only fixes a hardware hang, but does not implement HPA/SPA translation. Support for this can be added in a follow on patch series.

CVSS Scores

version 3.1