This Patch Tuesday the only new security fix merged to the Linux kernel is addressing a vulnerability affecting AMD SEV-SNP secure virtual machines.
Merged a few minutes ago to Linux Git is a mitigation for a cache coherency issue affecting AMD’s Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP) implementation. The commit explains:
“Add a mitigation for a cache coherency vulnerability when running an SNP guest which makes sure all cache lines belonging to a 4K page are evicted after the latter has been converted to a guest-private page
[ SNP: Secure Nested Paging – not to be confused with Single Nucleotide Polymorphism, which is the more common use of that TLA. I am on a mission to write out the more obscure TLAs in order to keep track of them.
Because while math tells us that there are only about 17k different combinations of three-letter acronyms using English letters (26^3), I am convinced that somehow Intel, AMD and ARM have together figured out new mathematics, and have at least a million different TLAs that they use. – Linus ]”
The mitigation is just a few dozen lines and involves evicting the cache lines of a page during SEV-SNP memory validation, when the page is being made private memory. Some newer processors, or existing ones with a firmware update, are not affected by this SNP cache coherency vulnerability.
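To make the shape of that mitigation concrete, here is an added example written for this article; it is not the kernel's own code and none of its names (`snp_make_private`, `snp_evict_page_cache_lines`, `snp_convert_and_evict`) exist in Linux. It assumes a 4K page, 64-byte cache lines and the SSE2 `clflush` instruction as the eviction primitive, and it stands in for the real guest-side private-page conversion with a plain bookkeeping struct so the flow can be run offline. The point it shows is the ordering: first the page becomes guest-private, then every cache line covering it is flushed, so no line holding the old contents survives.

```c
/* Added example (not the kernel's own code): the convert-then-evict flow
 * for one 4K page. All names below are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>   /* _mm_clflush / _mm_mfence (SSE2, baseline on x86-64) */
#define HAVE_CLFLUSH 1
#else
#define HAVE_CLFLUSH 0
#endif

#define SNP_PAGE_SIZE   4096u   /* assumption: 4K guest page */
#define CACHE_LINE_SIZE 64u     /* assumption: 64-byte cache lines */

/* Hypothetical stand-in for the guest-side "make this page private" step.
 * In a real SNP guest this is the page-validation sequence; here it only
 * records the state so the flow can be exercised without SEV hardware. */
struct guest_page {
    void *addr;
    int   is_private;
};

static int snp_make_private(struct guest_page *gp)
{
    if (((uintptr_t)gp->addr % SNP_PAGE_SIZE) != 0)
        return -1;               /* page must be 4K aligned */
    gp->is_private = 1;
    return 0;
}

/* Evict every cache line of one 4K page. Returns the number of lines
 * flushed (64 for 4K / 64-byte lines) or -1 for a misaligned address. */
static int snp_evict_page_cache_lines(const void *page)
{
    uintptr_t base = (uintptr_t)page;
    unsigned int lines = 0;

    if (base % SNP_PAGE_SIZE != 0)
        return -1;

    for (uintptr_t off = 0; off < SNP_PAGE_SIZE; off += CACHE_LINE_SIZE) {
#if HAVE_CLFLUSH
        _mm_clflush((const void *)(base + off));
#else
        (void)(base + off);      /* non-x86 build: nothing to flush in this demo */
#endif
        lines++;
    }
#if HAVE_CLFLUSH
    _mm_mfence();                /* order the flushes before continuing */
#endif
    return (int)lines;
}

/* Combined flow: convert first, then evict, so no stale line survives. */
static int snp_convert_and_evict(struct guest_page *gp)
{
    if (snp_make_private(gp) != 0)
        return -1;
    return snp_evict_page_cache_lines(gp->addr);
}

int main(void)
{
    void *page = aligned_alloc(SNP_PAGE_SIZE, SNP_PAGE_SIZE);
    if (!page)
        return 1;
    memset(page, 0xA5, SNP_PAGE_SIZE);   /* constructed sample page contents */

    struct guest_page gp = { page, 0 };
    int n = snp_convert_and_evict(&gp);
    printf("private=%d, cache lines evicted=%d\n", gp.is_private, n);

    free(page);
    return 0;
}
```

Built on x86-64 the loop issues one `clflush` per line and the fence orders them; on other architectures the same code compiles as a no-op walk of the page, which is enough to see the control flow the kernel mitigation follows.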
This issue is tracked as CVE-2024-36331 and carries a CVSS score of 3.2 (Low). It’s described as:
“Improper management of cache coherency by the CPU could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory, resulting in loss of data integrity.”
That seems to be it for the new Linux kernel patches for August’s Patch Tuesday.