From 9a2bbe30b813b3e78e1c557b86b7112f83124acd Mon Sep 17 00:00:00 2001 From: Gerwin Klein Date: Wed, 21 Feb 2024 10:28:59 +1100 Subject: [PATCH] changes: describe VCPU fix Signed-off-by: Gerwin Klein --- CHANGES | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/CHANGES b/CHANGES index e5606ac93..88e05d9ea 100644 --- a/CHANGES +++ b/CHANGES @@ -26,6 +26,24 @@ Upcoming release: BREAKING ## Changes +### Security-relevant Changes + +* Fixed a kernel-crashing NULL pointer dereference when injecting an IRQ for a non-associated VCPU on SMP + configurations. This can be triggered from user-level by any thread that has access to or can create non-associated + VCPU objects. While HYP+SMP is not a verified configuration and is not thoroughly tested, it is generally assumed to + be working. If you are using this configuration, it is strongly recommended to upgrade. + + * Affected configurations: only unverified HYP+SMP configurations on Arm platforms are affected. + * Affected versions: seL4 versions 12.0.0 and 12.1.0. + * Exploitability: Any thread that can create or that has access to an unassociated VCPU can cause the crash. In static + systems, only the system initialiser thread can create VCPUs and the standard capDL system initialiser will not + trigger the issue. VMMs could have the authority to dissociate an existing VCPU from a TCB if they have both + capabilities. That is, a malicious VMM could cause a crash, but generally VMMs are trusted, albeit not verified + code. Guest VMs generally do not have sufficient authority to exploit this vulnerability. + * Severity: Critical. This crashes the entire system. + +### Other Changes + * Added support for the ARM Cortex A55 * Added support for the ODroid C4 * Added support for the Avnet MaaXBoard
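Review bot: The new "Security-relevant Changes" entry in this hunk uses two different terms for the same object, "non-associated VCPU" in the opening paragraph and "unassociated VCPU" in the Exploitability bullet; pick one spelling so readers searching the changelog find both mentions. The Exploitability bullet also largely repeats the second sentence of the opening paragraph ("This can be triggered from user-level by any thread that has access to or can create non-associated VCPU objects"); consider shortening the paragraph to the one-line summary and the upgrade advice, and leaving the detail to the bullets. Finally, the "Affected versions" bullet names 12.0.0 and 12.1.0 but the entry gives no pointer to the fixing change; a reference to the commit that contains the actual kernel fix (the hunk here only touches CHANGES) would let integrators of older trees verify they have applied it.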