CVE-2021-47407
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Handle SRCU initialization failure during page track init
Check the return of init_srcu_struct(), which can fail due to OOM, when initializing the page track mechanism. Lack of checking leads to a NULL pointer deref found by a modified syzkaller.
[Move the call towards the beginning of kvm_arch_init_vm. - Paolo]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0eb05bf290cfe8610d9680b49abef37febd1c38a < deb2949417677649e2413266d7ce8c2ff73952b4 | affected |
| Linux | Linux | 0eb05bf290cfe8610d9680b49abef37febd1c38a < 4664318f73e496cd22c71b10888e75434a123e23 | affected |
| Linux | Linux | 0eb05bf290cfe8610d9680b49abef37febd1c38a < eb7511bf9182292ef1df1082d23039e856d1ddfb | affected |
| Linux | Linux | 4.6 | affected |
| Linux | Linux | 0 < 4.6 | unaffected |
| Linux | Linux | 5.10.71 <= 5.10.* | unaffected |
| Linux | Linux | 5.14.10 <= 5.14.* | unaffected |
| Linux | Linux | 5.15 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/deb2949417677649e2413266d7ce8c2ff73952b4
- https://git.kernel.org/stable/c/4664318f73e496cd22c71b10888e75434a123e23
- https://git.kernel.org/stable/c/eb7511bf9182292ef1df1082d23039e856d1ddfb
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/deb2949417677649e2413266d7ce8c2ff73952b4
- https://git.kernel.org/stable/c/4664318f73e496cd22c71b10888e75434a123e23
- https://git.kernel.org/stable/c/eb7511bf9182292ef1df1082d23039e856d1ddfb
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.