{
  "threat_severity" : "Low",
  "public_date" : "2024-05-20T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses",
    "id" : "2282088",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2282088"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nACPI: CPPC: Use access_width over bit_width for system memory accesses\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\nSError Interrupt on CPU26, code 0xbe000011 -- SError\nCPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\nHardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\npstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\npc : cppc_get_perf_caps+0xec/0x410\nlr : cppc_get_perf_caps+0xe8/0x410\nsp : ffff8000155ab730\nx29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\nx26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\nx23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\nx20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\nx17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\nx14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\nx11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\nx8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\nx5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\nx2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\nKernel panic - not syncing: Asynchronous SError Interrupt\nCPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\nHardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\nCall trace:\ndump_backtrace+0x0/0x1e0\nshow_stack+0x24/0x30\ndump_stack_lvl+0x8c/0xb8\ndump_stack+0x18/0x34\npanic+0x16c/0x384\nadd_taint+0x0/0xc0\narm64_serror_panic+0x7c/0x90\narm64_is_fatal_ras_serror+0x34/0xa4\ndo_serror+0x50/0x6c\nel1h_64_error_handler+0x40/0x74\nel1h_64_error+0x7c/0x80\ncppc_get_perf_caps+0xec/0x410\ncppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\ncpufreq_online+0x2dc/0xa30\ncpufreq_add_dev+0xc0/0xd4\nsubsys_interface_register+0x134/0x14c\ncpufreq_register_driver+0x1b0/0x354\ncppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\ndo_one_initcall+0x50/0x250\ndo_init_module+0x60/0x27c\nload_module+0x2300/0x2570\n__do_sys_finit_module+0xa8/0x114\n__arm64_sys_finit_module+0x2c/0x3c\ninvoke_syscall+0x78/0x100\nel0_svc_common.constprop.0+0x180/0x1a0\ndo_el0_svc+0x84/0xa0\nel0_svc+0x2c/0xc0\nel0t_64_sync_handler+0xa4/0x12c\nel0t_64_sync+0x1a4/0x1a8\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\nIf access_width is not set, then fall back to using bit_width.\n[ rjw: Subject and changelog edits, comment adjustments ]", "A vulnerability was found in the ACPI subsystem's CPPC driver in the Linux kernel. This issue occurs due to the mishandling of memory access bit width during performance capability calculations, which can lead to misaligned memory accesses and cause kernel panics on affected platforms." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-35995\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35995\nhttps://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T" ],
  "name" : "CVE-2024-35995",
  "csaw" : false
}