Linux · Linux Kernel · CVE-2024-50072
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to the fixed version
Description:
A general protection fault occurs in 32-bit mode when VERW based mitigations like MDS/RFDS are enabled. This happens because segment registers with an arbitrary user value can result in #GP when executing VERW. The issue is resolved by using the code segment selector for the VERW operand, ensuring that VERW will not #GP for an arbitrary user %ds.
Recommendations:
Update to a version of the Linux kernel where the issue is resolved by using the code segment selector for the VERW operand.
As a temporary workaround, consider disabling VERW based mitigations like MDS/RFDS until a patch is available.