{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2024-42240", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.253Z", "datePublished": "2024-08-07T15:14:27.977Z", "dateUpdated": "2026-05-23T15:52:28.123Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-23T15:52:28.123Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/bhi: Avoid warning in #DB handler due to BHI mitigation\n\nWhen BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set\nthen entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the\nclear_bhb_loop() before the TF flag is cleared. This causes the #DB handler\n(exc_debug_kernel()) to issue a warning because single-step is used outside the\nentry_SYSENTER_compat() function.\n\nTo address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY\nafter making sure the TF flag is cleared.\n\nThe problem can be reproduced with the following sequence:\n\n $ cat sysenter_step.c\n int main()\n { asm(\"pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter\"); }\n\n $ gcc -o sysenter_step sysenter_step.c\n\n $ ./sysenter_step\n Segmentation fault (core dumped)\n\nThe program is expected to crash, and the #DB handler will issue a warning.\n\nKernel log:\n\n WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160\n ...\n RIP: 0010:exc_debug_kernel+0xd2/0x160\n ...\n Call Trace:\n <#DB>\n ? show_regs+0x68/0x80\n ? __warn+0x8c/0x140\n ? exc_debug_kernel+0xd2/0x160\n ? report_bug+0x175/0x1a0\n ? handle_bug+0x44/0x90\n ? exc_invalid_op+0x1c/0x70\n ? asm_exc_invalid_op+0x1f/0x30\n ? exc_debug_kernel+0xd2/0x160\n exc_debug+0x43/0x50\n asm_exc_debug+0x1e/0x40\n RIP: 0010:clear_bhb_loop+0x0/0xb0\n ...\n \n \n ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d\n \n\n [ bp: Massage commit message. ]" } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "arch/x86/entry/entry_64_compat.S" ], "versions": [ { "version": "bd53ec80f21839cfd4d852a6088279d602d67e5b", "lessThan": "db56615e96c439e13783d7715330e824b4fd4b84", "status": "affected", "versionType": "git" }, { "version": "07dbb10f153f483e8249acebdffedf922e2ec2e1", "lessThan": "a765679defe1dc1b8fa01928a6ad6361e72a1364", "status": "affected", "versionType": "git" }, { "version": "eb36b0dce2138581bc6b5e39d0273cb4c96ded81", "lessThan": "dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf", "status": "affected", "versionType": "git" }, { "version": "7390db8aea0d64e9deb28b8e1ce716f5020c7ee5", "lessThan": "08518d48e5b744620524f0acd7c26c19bda7f513", "status": "affected", "versionType": "git" }, { "version": "7390db8aea0d64e9deb28b8e1ce716f5020c7ee5", "lessThan": "ac8b270b61d48fcc61f052097777e3b5e11591e0", "status": "affected", "versionType": "git" }, { "version": "8f51637712e4da5be410a1666f8aee0d86eef898", "status": "affected", "versionType": "git" }, { "version": "5.15.154", "lessThan": "5.15.163", "status": "affected", "versionType": "semver" }, { "version": "6.1.85", "lessThan": "6.1.100", "status": "affected", "versionType": "semver" }, { "version": "6.6.26", "lessThan": "6.6.41", "status": "affected", "versionType": "semver" }, { "version": "6.8.5", "lessThan": "6.9", "status": "affected", "versionType": "semver" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "arch/x86/entry/entry_64_compat.S" ], "versions": [ { "version": "6.9", "status": "affected" }, { "version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver" }, { "version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.1.100", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.6.41", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.154", "versionEndExcluding": "5.15.163" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.85", "versionEndExcluding": "6.1.100" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.26", "versionEndExcluding": "6.6.41" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.9.10" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.10" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8.5" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/db56615e96c439e13783d7715330e824b4fd4b84" }, { "url": "https://git.kernel.org/stable/c/a765679defe1dc1b8fa01928a6ad6361e72a1364" }, { "url": "https://git.kernel.org/stable/c/dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf" }, { "url": "https://git.kernel.org/stable/c/08518d48e5b744620524f0acd7c26c19bda7f513" }, { "url": "https://git.kernel.org/stable/c/ac8b270b61d48fcc61f052097777e3b5e11591e0" } ], "title": "x86/bhi: Avoid warning in #DB handler due to BHI mitigation", "x_generator": { "engine": "bippy-1.2.0" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "id": "CVE-2024-42240", "role": "CISA Coordinator", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "version": "2.0.3", "timestamp": "2024-09-10T16:13:51.001454Z" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:31.693Z" } }, { "title": "CVE Program Container", "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html" } ], "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:02:42.210Z" } } ] } }