CVE-2021-47407

Summary

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Handle SRCU initialization failure during page track init

Check the return of init_srcu_struct(), which can fail due to OOM, when initializing the page track mechanism. Lack of checking leads to a NULL pointer deref found by a modified syzkaller.

[Move the call towards the beginning of kvm_arch_init_vm. - Paolo]

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0eb05bf290cfe8610d9680b49abef37febd1c38a < deb2949417677649e2413266d7ce8c2ff73952b4affected
LinuxLinux0eb05bf290cfe8610d9680b49abef37febd1c38a < 4664318f73e496cd22c71b10888e75434a123e23affected
LinuxLinux0eb05bf290cfe8610d9680b49abef37febd1c38a < eb7511bf9182292ef1df1082d23039e856d1ddfbaffected
LinuxLinux4.6affected
LinuxLinux0 < 4.6unaffected
LinuxLinux5.10.71 <= 5.10.*unaffected
LinuxLinux5.14.10 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References