CVE-2024-46707

Updated: 2024-09-21 05:07:59.144341

Description:

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3

On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.

We therefore try to emulate the SGI access, only to hit a NULL pointer as no private interrupt is allocated (no GIC, remember?).

The obvious fix is to give the guest what it deserves, in the shape of a UNDEF exception.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 5.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 5.5 | MEDIUM | Ignored | | 2024-09-23 05:22:23 | |
| AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 5.5 | MEDIUM | Ignored | | 2024-09-23 05:22:23 | |
| CentOS 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | | 2024-09-23 05:22:24 | |
| CentOS 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | | 2024-09-23 05:22:23 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | | 2024-09-23 05:22:23 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | | 2024-09-23 05:22:23 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | | 2024-09-23 05:22:23 | |
| CloudLinux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | | 2024-09-23 05:22:24 | |
| CloudLinux 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | | 2024-09-23 05:22:23 | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | | 2024-09-23 05:22:23 | |
Total: 14