CVE-2021-47061

Summary

In the Linux kernel, the following vulnerability has been resolved:

KVM: Destroy I/O bus devices on unregister failure after sync'ing SRCU

If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guaranteed to see the new null bus. Destroying devices before the bus is nullified could lead to use-after-free since readers expect the devices on their reference of the bus to remain valid.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf65886606c2d3b562716de030706dfe1bea4ed5e < 03c6cccedd3913006744faa252a4da5145299343affected
LinuxLinuxf65886606c2d3b562716de030706dfe1bea4ed5e < 4e899ca848636b37e9ac124bc1723862a7d7d927affected
LinuxLinuxf65886606c2d3b562716de030706dfe1bea4ed5e < 30f46c6993731efb2a690c9197c0fd9ed425da2daffected
LinuxLinuxf65886606c2d3b562716de030706dfe1bea4ed5e < 2ee3757424be7c1cd1d0bbfa6db29a7edd82a250affected
LinuxLinuxf0dfffce3f4ffd5f822568a4a6fb34c010e939d1affected
LinuxLinux840e124f89a5127e7eb97ebf377f4b8ca745c070affected
LinuxLinux40a023f681befd9b2862a3c16fb306a38b359ae5affected
LinuxLinux19184bd06f488af62924ff1747614a8cb284ad63affected
LinuxLinux41b2ea7a6a11e2b1a7f2c29e1675a709a6b2b98daffected
LinuxLinux68c125324b5e1d1d22805653735442923d896a1daffected
LinuxLinux4.4.238 < 4.5affected
LinuxLinux4.9.238 < 4.10affected
LinuxLinux4.14.200 < 4.15affected
LinuxLinux4.19.148 < 4.20affected
LinuxLinux5.4.66 < 5.5affected
LinuxLinux5.8.10 < 5.9affected
LinuxLinux5.9affected
LinuxLinux0 < 5.9unaffected
LinuxLinux5.10.37 <= 5.10.*unaffected
LinuxLinux5.11.21 <= 5.11.*unaffected
LinuxLinux5.12.4 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References