{"id":"CVE-2024-42240","summary":"x86/bhi: Avoid warning in #DB handler due to BHI mitigation","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/bhi: Avoid warning in #DB handler due to BHI mitigation\n\nWhen BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set\nthen entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the\nclear_bhb_loop() before the TF flag is cleared. This causes the #DB handler\n(exc_debug_kernel()) to issue a warning because single-step is used outside the\nentry_SYSENTER_compat() function.\n\nTo address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY\nafter making sure the TF flag is cleared.\n\nThe problem can be reproduced with the following sequence:\n\n  $ cat sysenter_step.c\n  int main()\n  { asm(\"pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter\"); }\n\n  $ gcc -o sysenter_step sysenter_step.c\n\n  $ ./sysenter_step\n  Segmentation fault (core dumped)\n\nThe program is expected to crash, and the #DB handler will issue a warning.\n\nKernel log:\n\n  WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160\n  ...\n  RIP: 0010:exc_debug_kernel+0xd2/0x160\n  ...\n  Call Trace:\n  \u003c#DB\u003e\n   ? show_regs+0x68/0x80\n   ? __warn+0x8c/0x140\n   ? exc_debug_kernel+0xd2/0x160\n   ? report_bug+0x175/0x1a0\n   ? handle_bug+0x44/0x90\n   ? exc_invalid_op+0x1c/0x70\n   ? asm_exc_invalid_op+0x1f/0x30\n   ? exc_debug_kernel+0xd2/0x160\n   exc_debug+0x43/0x50\n   asm_exc_debug+0x1e/0x40\n  RIP: 0010:clear_bhb_loop+0x0/0xb0\n  ...\n  \u003c/#DB\u003e\n  \u003cTASK\u003e\n   ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d\n  \u003c/TASK\u003e\n\n  [ bp: Massage commit message. ]","modified":"2026-04-02T12:17:53.278009Z","published":"2024-08-07T15:14:27.977Z","related":["ALSA-2024:7000","ALSA-2024:7001","SUSE-SU-2024:3189-1","SUSE-SU-2024:3190-1","SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3209-1","SUSE-SU-2024:3251-1","SUSE-SU-2024:3252-1","SUSE-SU-2024:3383-1","SUSE-SU-2024:3483-1","SUSE-SU-2025:1027-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42240.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/08518d48e5b744620524f0acd7c26c19bda7f513"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a765679defe1dc1b8fa01928a6ad6361e72a1364"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ac8b270b61d48fcc61f052097777e3b5e11591e0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/db56615e96c439e13783d7715330e824b4fd4b84"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42240.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42240"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"bd53ec80f21839cfd4d852a6088279d602d67e5b"},{"fixed":"db56615e96c439e13783d7715330e824b4fd4b84"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"07dbb10f153f483e8249acebdffedf922e2ec2e1"},{"fixed":"a765679defe1dc1b8fa01928a6ad6361e72a1364"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"eb36b0dce2138581bc6b5e39d0273cb4c96ded81"},{"fixed":"dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7390db8aea0d64e9deb28b8e1ce716f5020c7ee5"},{"fixed":"08518d48e5b744620524f0acd7c26c19bda7f513"},{"fixed":"ac8b270b61d48fcc61f052097777e3b5e11591e0"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"8f51637712e4da5be410a1666f8aee0d86eef898"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42240.json"}}],"schema_version":"1.7.5"}