CVE-2021-47110

Summary

In the Linux kernel, the following vulnerability has been resolved:

x86/kvm: Disable kvmclock on all CPUs on shutdown

Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corruption e.g. on restore from hibernate.

Note, writing '0' to kvmclock MSR doesn't clear memory location, it just prevents hypervisor from updating the location so for the short while after write and while CPU is still alive, the clock remains usable and correct so we don't need to switch to some other clocksource.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1e977aa12dd4f80688b1f243762212e75c6d7fe8 < 9084fe1b3572664ad276f427dce575f580c9799aaffected
LinuxLinux1e977aa12dd4f80688b1f243762212e75c6d7fe8 < 3b0becf8b1ecf642a9edaf4c9628ffc641e490d6affected
LinuxLinux1e977aa12dd4f80688b1f243762212e75c6d7fe8 < 1df2dc09926f61319116c80ee85701df33577d70affected
LinuxLinux1e977aa12dd4f80688b1f243762212e75c6d7fe8 < c02027b5742b5aa804ef08a4a9db433295533046affected
LinuxLinux2.6.26affected
LinuxLinux0 < 2.6.26unaffected
LinuxLinux5.4.125 <= 5.4.*unaffected
LinuxLinux5.10.43 <= 5.10.*unaffected
LinuxLinux5.12.10 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References