CVE-2024-46689
Severity:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/09/2024
Last modified:
13/09/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: cmd-db: Map shared memory as WC, not WB

Linux does not write into cmd-db region. This region of memory is write
protected by XPU. XPU may sometimes falsely detect clean cache eviction
as "write" into the write protected region leading to secure interrupt
which causes an endless loop somewhere in Trust Zone.

The only reason it is working right now is because Qualcomm Hypervisor
maps the same region as Non-Cacheable memory in Stage 2 translation
tables. The issue manifests if we want to use another hypervisor (like
Xen or KVM), which does not know anything about those specific mappings.

Changing the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC
removes dependency on correct mappings in Stage 2 tables. This patch
fixes the issue by updating the mapping to MEMREMAP_WC.

I tested this on SA8155P with Xen.
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278
- https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4
- https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf
- https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271
- https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70
- https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374
- https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d