CVE-2024-44948

x86/mtrr: Check if fixed MTRRs exist before saving them

Description

In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching control of the 640K-1MB region that uses separate MSRs. This fixed variant has a separate capability bit in the MTRR capability MSR. So far all x86 CPUs which support MTRR have this separate bit set, so it went unnoticed that mtrr_save_state() does not check the capability bit before accessing the fixed MTRR MSRs. Though on a CPU that does not support the fixed MTRR capability this results in a #GP. The #GP itself is harmless because the RDMSR fault is handled gracefully, but results in a WARN_ON(). Add the missing capability check to prevent this.

N/A
CVSS
Severity:
EPSS 0.18%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e
https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9
https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051
https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16
https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7
https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462
https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6
https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614

Frequently Asked Questions

What is the severity of CVE-2024-44948?
CVE-2024-44948 has not yet been assigned a CVSS score.
How to fix CVE-2024-44948?
To fix CVE-2024-44948, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-44948 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-44948 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-44948?
CVE-2024-44948 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.