{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T19:03:46.100","vulnerabilities":[{"cve":{"id":"CVE-2023-52568","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-03-02T22:15:49.120","lastModified":"2024-12-11T16:23:49.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Resolves SECS reclaim vs. page fault for EAUG race\n\nThe SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for an\nenclave and set secs.epc_page to NULL. The SECS page is used for EAUG\nand ELDU in the SGX page fault handler. However, the NULL check for\nsecs.epc_page is only done for ELDU, not EAUG before being used.\n\nFix this by doing the same NULL check and reloading of the SECS page as\nneeded for both EAUG and ELDU.\n\nThe SECS page holds global enclave metadata. It can only be reclaimed\nwhen there are no other enclave pages remaining. At that point,\nvirtually nothing can be done with the enclave until the SECS page is\npaged back in.\n\nAn enclave can not run nor generate page faults without a resident SECS\npage. But it is still possible for a #PF for a non-SECS page to race\nwith paging out the SECS page: when the last resident non-SECS page A\ntriggers a #PF in a non-resident page B, and then page A and the SECS\nboth are paged out before the #PF on B is handled.\n\nHitting this bug requires that race triggered with a #PF for EAUG.\nFollowing is a trace when it happens.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: 0010:sgx_encl_eaug_page+0xc7/0x210\nCall Trace:\n ? __kmem_cache_alloc_node+0x16a/0x440\n ? xa_load+0x6e/0xa0\n sgx_vma_fault+0x119/0x230\n __do_fault+0x36/0x140\n do_fault+0x12f/0x400\n __handle_mm_fault+0x728/0x1110\n handle_mm_fault+0x105/0x310\n do_user_addr_fault+0x1ee/0x750\n ? __this_cpu_preempt_check+0x13/0x20\n exc_page_fault+0x76/0x180\n asm_exc_page_fault+0x27/0x30"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/sgx: Resuelve reclamación SECS versus error de página para la ejecución EAUG. El recuperador SGX EPC (ksgxd) puede reclamar la página SECS EPC para un enclave y establecer secs.epc_page en NULL. La página SECS se utiliza para EAUG y ELDU en el controlador de fallas de la página SGX. Sin embargo, la verificación NULL para secs.epc_page solo se realiza para ELDU, no para EAUG, antes de usarse. Solucione este problema haciendo la misma verificación NULL y recargando la página SECS según sea necesario tanto para EAUG como para ELDU. La página SECS contiene metadatos del enclave global. Solo se puede reclamar cuando no quedan otras páginas del enclave. En ese punto, prácticamente no se puede hacer nada con el enclave hasta que se vuelva a paginar la página SECS. Un enclave no puede ejecutarse ni generar errores de página sin una página SECS residente. Pero aún es posible que un #PF para una página que no es SECS se compita con la paginación de la página SECS: cuando la última página A residente que no es SECS activa un #PF en una página B no residente, y luego la página A y Ambos SECS se paginan antes de que se maneje el #PF en B. Para solucionar este error es necesario que la ejecución se active con un #PF para EAUG. A continuación se muestra un rastro de cuando sucede. ERROR: desreferencia del puntero NULL del kernel, dirección: 0000000000000000 RIP: 0010:sgx_encl_eaug_page+0xc7/0x210 Seguimiento de llamadas:? __kmem_cache_alloc_node+0x16a/0x440 ? xa_load+0x6e/0xa0 sgx_vma_fault+0x119/0x230 __do_fault+0x36/0x140 do_fault+0x12f/0x400 __handle_mm_fault+0x728/0x1110 handle_mm_fault+0x105/0x310 do_user_addr_fault+0x1ee/ 0x750? __this_cpu_preempt_check+0x13/0x20 exc_page_fault+0x76/0x180 asm_exc_page_fault+0x27/0x30"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.56","matchCriteriaId":"88CD6F0B-B968-414C-86CA-2E442AEA0EA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.5.6","matchCriteriaId":"870FC772-173A-4A0F-B1AF-7976AD6057D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*","matchCriteriaId":"84267A4F-DBC2-444F-B41D-69E15E1BEC97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*","matchCriteriaId":"FB440208-241C-4246-9A83-C1715C0DAA6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*","matchCriteriaId":"0DC421F1-3D5A-4BEF-BF76-4E468985D20B"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1348f7f15d7c7798456856bee74a4235c2da994e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/811ba2ef0cb6402672e64ba1419d6ef95aa3405d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c6c2adcba50c2622ed25ba5d5e7f05f584711358","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1348f7f15d7c7798456856bee74a4235c2da994e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/811ba2ef0cb6402672e64ba1419d6ef95aa3405d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c6c2adcba50c2622ed25ba5d5e7f05f584711358","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}