On 5/20/24 16:04, Michael Ellerman wrote: > Greg Kroah-Hartman <gre...@linuxfoundation.org> writes: >> Description >> =========== >> >> In the Linux kernel, the following vulnerability has been resolved: >> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 >> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way >> that is incompatible with the current code for the PS3's LV1 hypervisor >> calls. >> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not >> set' >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used. >> >> Fixes run time errors like these: >> >> BUG: Kernel NULL pointer dereference at 0x00000000 >> Faulting instruction address: 0xc000000000047cf0 >> Oops: Kernel access of bad area, sig: 11 [#1] >> Call Trace: >> [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 >> (unreliable) >> [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4 >> [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8 >> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue. > > IMHO this doesn't warrant a CVE. The crash mentioned above happens at > boot, so the system is not vulnerable it's just broken :)
As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't boot, so there is no chance of a vulnerability. -Geoff