CVE-2021-47228
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/ioremap: Map EFI-reserved memory as encrypted for SEV
Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efi_mem_reserve() is used to preserve it by inserting a new EFI memory descriptor and marking it with the EFI_MEMORY_RUNTIME attribute.
Under SEV, memory marked with the EFI_MEMORY_RUNTIME attribute needs to be mapped encrypted by Linux, otherwise the kernel might crash at boot like below:
EFI Variables Facility v0.08 2004-May-17 general protection fault, probably for non-canonical address 0x3597688770a868b2: 0000 [#1] SMP NOPTI CPU: 13 PID: 1 Comm: swapper/0 Not tainted 5.12.4-2-default #1 openSUSE Tumbleweed Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:efi_mokvar_entry_next […] Call Trace: efi_mokvar_sysfs_init ? efi_mokvar_table_init do_one_initcall ? __kmalloc kernel_init_freeable ? rest_init kernel_init ret_from_fork
Expand the __ioremap_check_other() function to additionally check for this other type of boot data reserved at runtime and indicate that it should be mapped encrypted for an SEV guest.
[ bp: Massage commit message. ]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 58c909022a5a56cd1d9e89c8c5461fd1f6a27bb5 < 208bb686e7fa7fff16e8fa78ff0db34aa9acdbd7 | affected |
| Linux | Linux | 58c909022a5a56cd1d9e89c8c5461fd1f6a27bb5 < b7a05aba39f733ec337c5b952e112dd2dc4fc404 | affected |
| Linux | Linux | 58c909022a5a56cd1d9e89c8c5461fd1f6a27bb5 < 8d651ee9c71bb12fc0c8eb2786b66cbe5aa3e43b | affected |
| Linux | Linux | 5.10 | affected |
| Linux | Linux | 0 < 5.10 | unaffected |
| Linux | Linux | 5.10.46 <= 5.10.* | unaffected |
| Linux | Linux | 5.12.13 <= 5.12.* | unaffected |
| Linux | Linux | 5.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/208bb686e7fa7fff16e8fa78ff0db34aa9acdbd7
- https://git.kernel.org/stable/c/b7a05aba39f733ec337c5b952e112dd2dc4fc404
- https://git.kernel.org/stable/c/8d651ee9c71bb12fc0c8eb2786b66cbe5aa3e43b
References
- https://git.kernel.org/stable/c/208bb686e7fa7fff16e8fa78ff0db34aa9acdbd7
- https://git.kernel.org/stable/c/b7a05aba39f733ec337c5b952e112dd2dc4fc404
- https://git.kernel.org/stable/c/8d651ee9c71bb12fc0c8eb2786b66cbe5aa3e43b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.