CVE-2024-26695: crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked

The SEV platform device can be shutdown with a null psp_master,
e.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN:

[ 137.148210] ccp 0000:23:00.1: enabling device (0000 -> 0002)
[ 137.162647] ccp 0000:23:00.1: no command queues available
[ 137.170598] ccp 0000:23:00.1: sev enabled
[ 137.174645] ccp 0000:23:00.1: psp enabled
[ 137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7]
[ 137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311
[ 137.182693] RIP: 0010:__sev_platform_shutdown_locked+0x51/0x180
[ 137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c
[ 137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216
[ 137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e
[ 137.182693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0
[ 137.182693] RBP: ffffc900000cf9c8 R08: 0000000000000000 R09: fffffbfff58f5a66
[ 137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12: ffff8881e5052c28
[ 137.182693] R13: ffff8881e5052c28 R14:...

Classification

CVE ID: CVE-2024-26695

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.08% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/58054faf3bd29cd0b949b77efcb6157f66f401ed
https://git.kernel.org/stable/c/7535ec350a5f09b5756a7607f5582913f21200f4
https://git.kernel.org/stable/c/8731fe001a60581794ed9cf65da8cd304846a6fb
https://git.kernel.org/stable/c/88aa493f393d2ee38ac140e1f6ac1881346e85d4
https://git.kernel.org/stable/c/b5909f197f3b26aebedca7d8ac7b688fd993a266
https://git.kernel.org/stable/c/ccb88e9549e7cfd8bcd511c538f437e20026e983

Timeline

2024-12-20 00:33:34 UTC
CVE

crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked