CVE-2023-52597
KVM S390 Improper FP Context Switching
Description
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the host process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space / host process fpc register value, however it will be discarded, when returning to user space. In result the host process will incorrectly continue to run with the value that was supposed to be used for a guest cpu. Fix this by simply removing the test. There is another test right before the SIE context is entered which will handles invalid values. This results in a change of behaviour: invalid values will now be accepted instead of that the ioctl fails with -EINVAL. This seems to be acceptable, given that this interface is most likely not used anymore, and this is in addition the same behaviour implemented with the memory mapped interface (replace invalid values with zero) - see sync_regs() in kvm-s390.c.
INFO
Published Date :
March 6, 2024, 7:15 a.m.
Last Modified :
March 14, 2025, 6:51 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
2.5
Exploitability Score :
1.4
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-52597.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-52597 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2023-52597 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Mar. 14, 2025
Action Type Old Value New Value Added CWE NVD-CWE-noinfo Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 from (excluding) 5.15.149 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 from (excluding) 5.10.210 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 from (excluding) 6.7.4 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 from (excluding) 6.6.16 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 from (excluding) 6.1.77 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 from (excluding) 5.4.269 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (excluding) 4.19.307 Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* Added Reference Type CVE: https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f Types: Patch Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Types: Mailing List -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3 Added Reference https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99 Added Reference https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7 Added Reference https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18 Added Reference https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1 Added Reference https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2 Added Reference https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55 Added Reference https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Nov. 07, 2024
Action Type Old Value New Value Added CVSS V3.1 CISA-ADP AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Nov. 04, 2024
Action Type Old Value New Value Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 25, 2024
Action Type Old Value New Value Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned] -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 29, 2024
Action Type Old Value New Value -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 14, 2024
Action Type Old Value New Value -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Mar. 06, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the host process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space / host process fpc register value, however it will be discarded, when returning to user space. In result the host process will incorrectly continue to run with the value that was supposed to be used for a guest cpu. Fix this by simply removing the test. There is another test right before the SIE context is entered which will handles invalid values. This results in a change of behaviour: invalid values will now be accepted instead of that the ioctl fails with -EINVAL. This seems to be acceptable, given that this interface is most likely not used anymore, and this is in addition the same behaviour implemented with the memory mapped interface (replace invalid values with zero) - see sync_regs() in kvm-s390.c. Added Reference Linux https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18 [No types assigned] Added Reference Linux https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1 [No types assigned] Added Reference Linux https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99 [No types assigned] Added Reference Linux https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2 [No types assigned] Added Reference Linux https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3 [No types assigned] Added Reference Linux https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f [No types assigned] Added Reference Linux https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7 [No types assigned] Added Reference Linux https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55 [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-52597 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-52597
weaknesses.