CVE-2024-50017: x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
Description
In the Linux kernel, the following vulnerability has been resolved:
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
When ident_pud_init() uses only GB pages to create identity maps, large
ranges of addresses not actually requested can be included in the resulting
table; a 4K request will map a full GB. This can include a lot of extra
address space past that requested, including areas marked reserved by the
BIOS. That allows processor speculation into reserved regions, that on UV
systems can cause system halts.
Only use GB pages when map creation requests include the full GB page of
space. Fall back to using smaller 2M pages when only portions of a GB page
are included in the request.
No attempt is made to coalesce mapping requests. If a request requires a
map entry at the 2M (pmd) level, subsequent mapping requests within the
same 1G region will also be at the pmd level, even if adjacent or
overlapping such requests could have been combined to map a full GB page.
Existing usage starts with larger regions and then adds smaller regions, so
this should not have any great consequence.
Classification
CVE ID: CVE-2024-50017
Affected Products
Vendor: Linux
Product: Linux
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 6.67% (scored less or equal to compared to others)
EPSS Date: 2025-03-18 (when was this score calculated)
References
https://git.kernel.org/stable/c/d113f9723f2bfd9c6feeb899b8ddbee6b8a6e01fhttps://git.kernel.org/stable/c/d80a99892f7a992d103138fa4636b2c33abd6740
https://git.kernel.org/stable/c/a23823098ab2c277c14fc110b97d8d5c83597195
https://git.kernel.org/stable/c/cc31744a294584a36bf764a0ffa3255a8e69f036