Bug 1220480 (CVE-2021-46928)

Summary: VUL-0: CVE-2021-46928: kernel: parisc: Clear stale IIR value on instruction access rights trap
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: gianluca.gabrielli, jlee, mkoutny, vasant.karasulli
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/395283/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-46928:4.1:(AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-02-27 15:48:54 UTC 
In the Linux kernel, the following vulnerability has been resolved:

parisc: Clear stale IIR value on instruction access rights trap

When a trap 7 (Instruction access rights) occurs, this means the CPU
couldn't execute an instruction due to missing execute permissions on
the memory region.  In this case it seems the CPU didn't even fetched
the instruction from memory and thus did not store it in the cr19 (IIR)
register before calling the trap handler. So, the trap handler will find
some random old stale value in cr19.

This patch simply overwrites the stale IIR value with a constant magic
"bad food" value (0xbaadf00d), in the hope people don't start to try to
understand the various random IIR values in trap 7 dumps.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46928
https://git.kernel.org/stable/c/d01e9ce1af6116f812491d3d3873d204f10ae0b8
https://git.kernel.org/stable/c/e96373f0a5f484bc1e193f9951dcb3adf24bf3f7
https://www.cve.org/CVERecord?id=CVE-2021-46928
https://git.kernel.org/stable/c/484730e5862f6b872dca13840bed40fd7c60fa26