CVE-2024-5660: This issue could allow a modified, untrusted guest operating system to compromise the host in certain hypervisor environments. (11 Dec 2024)

Preface: NVIDIA Jetson™ is the world’s leading embedded AI computing platform with an integrated Arm CPU.

Background: The owning translation regime uses its address translation table data to determine the properties of the trace data transactions written to system memory.

CPUECTLR_EL1 is a 64-bit register, and is part of the 64-bit registers functional group. This register resets to value 0x0000000961563000. The CPUECTLR_EL1 register contains IMPLEMENTATION DEFINED configuration and control options for the MMU.

Stage 2 translation allows a hypervisor to control a view of memory in a Virtual Machine (VM). Specifically, it allows the hypervisor to control which memory-mapped system resources a VM can access, and where those resources appear in the address space of the VM.

Vulnerability details: When Hardware Page Aggregation (HPA) is enabled and Stage-1 and/or Stage-2 translation is enabled for the active translation regime, memory accesses may be translated incorrectly. This may permit bypass of Stage-2 translation and/or GPT protection.

Affected products: A77, A78, A78C, A78AE, A710, V1, V2, V3, V3AE, X1, X1C, X2, X3, X4, N2, X925, Travis

Recommendations: The issue can be avoided by setting CPUECTLR_EL1[46] to 1, which disables hardware page aggregation.
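
A check for the mitigation above, as an added example (not Arm's code and not part of the original post): given CPUECTLR_EL1 values captured on each core by privileged firmware or a hypervisor, it reports which cores still have HPA enabled and the value to write back. The function names and the sample snapshot are assumptions constructed for illustration; the privileged register read and write are not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit position from the recommendation: CPUECTLR_EL1[46] = 1 disables HPA. */
#define CPUECTLR_HPA_DISABLE (UINT64_C(1) << 46)
/* Reset value quoted on this page; bit 46 is clear in it. */
#define CPUECTLR_RESET_VALUE UINT64_C(0x0000000961563000)

/* Returns 1 when the value has hardware page aggregation disabled. */
int hpa_disabled(uint64_t cpuectlr)
{
    return (cpuectlr & CPUECTLR_HPA_DISABLE) != 0;
}

/* Value to write back: read-modify-write that preserves every other field. */
uint64_t hpa_mitigated_value(uint64_t cpuectlr)
{
    return cpuectlr | CPUECTLR_HPA_DISABLE;
}

/* Audits per-core snapshots (at most 64 cores) and returns a bitmask in
 * which bit i is set when core i still has HPA enabled. */
uint64_t unmitigated_cores(const uint64_t *snapshot, size_t ncores)
{
    uint64_t mask = 0;
    for (size_t i = 0; i < ncores && i < 64; i++) {
        if (!hpa_disabled(snapshot[i]))
            mask |= UINT64_C(1) << i;
    }
    return mask;
}

int main(void)
{
    /* Constructed sample: cores 1 and 3 were left at the reset value. */
    const uint64_t snapshot[] = {
        CPUECTLR_RESET_VALUE | CPUECTLR_HPA_DISABLE, CPUECTLR_RESET_VALUE,
        CPUECTLR_RESET_VALUE | CPUECTLR_HPA_DISABLE, CPUECTLR_RESET_VALUE,
    };
    uint64_t bad = unmitigated_cores(snapshot, 4);
    printf("unmitigated core mask: 0x%llx\n", (unsigned long long)bad);
    printf("value to write on those cores: 0x%016llx\n",
           (unsigned long long)hpa_mitigated_value(CPUECTLR_RESET_VALUE));
    return 0;
}
```

Because the quoted reset value has bit 46 clear, a core that comes out of reset without the write applied shows up in the mask.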

Official announcement: Please refer to the link for details – https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
