CVE-2021-47060

Summary

In the Linux kernel, the following vulnerability has been resolved:

KVM: Stop looking for coalesced MMIO zones if the bus is destroyed

Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev() fails to allocate memory for the new instance of the bus. If it can't instantiate a new bus, unregister_dev() destroys all devices except the target device. But, it doesn't tell the caller that it obliterated the bus and invoked the destructor for all devices that were on the bus. In the coalesced MMIO case, this can result in a deleted list entry dereference due to attempting to continue iterating on coalesced_zones after future entries (in the walk) have been deleted.

Opportunistically add curly braces to the for-loop, which encompasses many lines but sneaks by without braces due to the guts being a single if statement.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux41b2ea7a6a11e2b1a7f2c29e1675a709a6b2b98d < 7d1bc32d6477ff96a32695ea4be8144e4513ab2daffected
LinuxLinuxf65886606c2d3b562716de030706dfe1bea4ed5e < 2a20592baff59c5351c5200ec667e1a2aa22af85affected
LinuxLinuxf65886606c2d3b562716de030706dfe1bea4ed5e < 168e82f640ed1891a700bdb43e37da354b2ab63caffected
LinuxLinuxf65886606c2d3b562716de030706dfe1bea4ed5e < 50cbad42bfea8c052b7ca590bd4126cdc898713caffected
LinuxLinuxf65886606c2d3b562716de030706dfe1bea4ed5e < 5d3c4c79384af06e3c8e25b7770b6247496b4417affected
LinuxLinuxf0dfffce3f4ffd5f822568a4a6fb34c010e939d1affected
LinuxLinux840e124f89a5127e7eb97ebf377f4b8ca745c070affected
LinuxLinux40a023f681befd9b2862a3c16fb306a38b359ae5affected
LinuxLinux19184bd06f488af62924ff1747614a8cb284ad63affected
LinuxLinux68c125324b5e1d1d22805653735442923d896a1daffected
LinuxLinux5.4.66 < 5.4.119affected
LinuxLinux4.4.238 < 4.5affected
LinuxLinux4.9.238 < 4.10affected
LinuxLinux4.14.200 < 4.15affected
LinuxLinux4.19.148 < 4.20affected
LinuxLinux5.8.10 < 5.9affected
LinuxLinux5.9affected
LinuxLinux0 < 5.9unaffected
LinuxLinux5.4.119 <= 5.4.*unaffected
LinuxLinux5.10.37 <= 5.10.*unaffected
LinuxLinux5.11.21 <= 5.11.*unaffected
LinuxLinux5.12.4 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References