CVE-2024-46794: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was discovered in the Linux kernel's TDX (Trust Domain Extensions) implementation, specifically in the mmio_read() function. The vulnerability, identified as CVE-2024-46794, was discovered by Sean Christopherson and involves an unintentional data leak where an initialized variable (val) on the stack is exposed to the Virtual Machine Monitor (VMM). The issue affects Linux kernel versions up to 5.19 and from 6.1 up to versions before 6.1.110, as well as other version ranges (NVD).

The vulnerability exists in the mmio_read() function which makes a TDVMCALL to retrieve MMIO (Memory-Mapped I/O) data for an address from the VMM. The function unintentionally exposed the value of an initialized variable (val) on the stack to the VMM, even though this variable was only needed as an output value. The issue stems from the unnecessary passing of the original value of *val to the VMM through the r15 register during the hypercall (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 score of 3.3 (Low) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (NVD).

The vulnerability allows for information disclosure where sensitive data from the kernel stack could potentially be leaked to the Virtual Machine Monitor. The impact is limited as it requires local access and only affects systems using Intel TDX technology (NVD).

The vulnerability has been fixed in various Linux kernel versions. Ubuntu has released patches for version 24.04 LTS (Noble) with Linux kernel 6.8.0-50.51, and similar fixes have been applied to other distributions. The fix involves removing the line that passes the original value of *val to the VMM through the r15 register (Ubuntu).