CVE-2024-49856

{"id": "CVE-2024-49856", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-10-21T13:15:06.353", "references": [{"url": "https://git.kernel.org/stable/c/0f89fb4042c08fd143bfc28af08bf6c8a0197eea", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/20c96d0aaabfe361fc2a11c173968dc67feadbbf", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/40fb64257dab507d86b5f1f2a62f3669ef0c91a8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8132510c915815e6b537ab937d94ed66893bc7b8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9c936844010466535bd46ea4ce4656ef17653644", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fb2d057539eda67ec7cfc369bf587e6518a9b99d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Fix deadlock in SGX NUMA node search\n\nWhen the current node doesn't have an EPC section configured by firmware\nand all other EPC sections are used up, CPU can get stuck inside the\nwhile loop that looks for an available EPC page from remote nodes\nindefinitely, leading to a soft lockup. Note how nid_of_current will\nnever be equal to nid in that while loop because nid_of_current is not\nset in sgx_numa_mask.\n\nAlso worth mentioning is that it's perfectly fine for the firmware not\nto setup an EPC section on a node. While setting up an EPC section on\neach node can enhance performance, it is not a requirement for\nfunctionality.\n\nRework the loop to start and end on *a* node that has SGX memory. This\navoids the deadlock looking for the current SGX-lacking node to show up\nin the loop when it never will."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/sgx: Se solucion\u00f3 el bloqueo en la b\u00fasqueda de nodos NUMA de SGX Cuando el nodo actual no tiene una secci\u00f3n EPC configurada por el firmware y todas las dem\u00e1s secciones EPC est\u00e1n agotadas, la CPU puede quedar atrapada dentro del bucle while que busca una p\u00e1gina EPC disponible de los nodos remotos de forma indefinida, lo que lleva a un bloqueo suave. Tenga en cuenta que nid_of_current nunca ser\u00e1 igual a nid en ese bucle while porque nid_of_current no est\u00e1 configurado en sgx_numa_mask. Tambi\u00e9n vale la pena mencionar que est\u00e1 perfectamente bien que el firmware no configure una secci\u00f3n EPC en un nodo. Si bien configurar una secci\u00f3n EPC en cada nodo puede mejorar el rendimiento, no es un requisito para la funcionalidad. Rehaga el bucle para que comience y termine en *un* nodo que tenga memoria SGX. Esto evita el bloqueo que busca el nodo actual que carece de SGX para que aparezca en el bucle cuando nunca lo har\u00e1."}], "lastModified": "2025-11-03T23:16:25.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71269D77-D25F-4909-8E7A-405593B279FE", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976", "versionEndExcluding": "6.6.54", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE", "versionEndExcluding": "6.10.13", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181", "versionEndExcluding": "6.11.2", "versionStartIncluding": "6.11"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}