diff options
Diffstat (limited to 'cve/published/2021/CVE-2021-47217.mbox')
| -rw-r--r-- | cve/published/2021/CVE-2021-47217.mbox | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/cve/published/2021/CVE-2021-47217.mbox b/cve/published/2021/CVE-2021-47217.mbox new file mode 100644 index 00000000..f8b101d5 --- /dev/null +++ b/cve/published/2021/CVE-2021-47217.mbox @@ -0,0 +1,92 @@ +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +To: <linux-cve-announce@vger.kernel.org> +Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> +Subject: CVE-2021-47217: x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails +Message-Id: <2024041006-CVE-2021-47217-a7d0@gregkh> +Content-Length: 3073 +Lines: 75 +X-Developer-Signature: v=1; a=openpgp-sha256; l=3149; + i=gregkh@linuxfoundation.org; h=from:subject:message-id; + bh=KbbnrmDld8R0xI1hxEmCtHuymQ8xtGMpt7EoBHJWnKU=; + b=owGbwMvMwCRo6H6F97bub03G02pJDGlij/TO6f0MqJTu5Oza7T1t7u2L81SWbFmT7/GS29no3 + aHz+3Knd8SyMAgyMciKKbJ82cZzdH/FIUUvQ9vTMHNYmUCGMHBxCsBEDr9lmJ/2+MS/zNUT6tsd + uKIDrmzw1e1f2sswPzv42LUlv+aEGTfdNzw42z8mecvi9QA= +X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; + fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 + +Description +=========== + +In the Linux kernel, the following vulnerability has been resolved: + +x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails + +Check for a valid hv_vp_index array prior to derefencing hv_vp_index when +setting Hyper-V's TSC change callback. If Hyper-V setup failed in +hyperv_init(), the kernel will still report that it's running under +Hyper-V, but will have silently disabled nearly all functionality. + + BUG: kernel NULL pointer dereference, address: 0000000000000010 + #PF: supervisor read access in kernel mode + #PF: error_code(0x0000) - not-present page + PGD 0 P4D 0 + Oops: 0000 [#1] SMP + CPU: 4 PID: 1 Comm: swapper/0 Not tainted 5.15.0-rc2+ #75 + Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 + RIP: 0010:set_hv_tscchange_cb+0x15/0xa0 + Code: <8b> 04 82 8b 15 12 17 85 01 48 c1 e0 20 48 0d ee 00 01 00 f6 c6 08 + ... + Call Trace: + kvm_arch_init+0x17c/0x280 + kvm_init+0x31/0x330 + vmx_init+0xba/0x13a + do_one_initcall+0x41/0x1c0 + kernel_init_freeable+0x1f2/0x23b + kernel_init+0x16/0x120 + ret_from_fork+0x22/0x30 + +The Linux kernel CVE team has assigned CVE-2021-47217 to this issue. + + +Affected and fixed versions +=========================== + + Issue introduced in 4.16 with commit 93286261de1b and fixed in 4.19.218 with commit b20ec58f8a6f + Issue introduced in 4.16 with commit 93286261de1b and fixed in 5.4.162 with commit b0e44dfb4e4c + Issue introduced in 4.16 with commit 93286261de1b and fixed in 5.10.82 with commit 9c177eee116c + Issue introduced in 4.16 with commit 93286261de1b and fixed in 5.15.5 with commit 8823ea27fff6 + Issue introduced in 4.16 with commit 93286261de1b and fixed in 5.16 with commit daf972118c51 + +Please see https://www.kernel.org for a full list of currently supported +kernel versions by the kernel community. + +Unaffected versions might change over time as fixes are backported to +older supported kernel versions. The official CVE entry at + https://cve.org/CVERecord/?id=CVE-2021-47217 +will be updated if fixes are backported, please check that for the most +up to date information about this issue. + + +Affected files +============== + +The file(s) affected by this issue are: + arch/x86/hyperv/hv_init.c + + +Mitigation +========== + +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are never tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. If however, updating to +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/c/b20ec58f8a6f4fef32cc71480ddf824584e24743 + https://git.kernel.org/stable/c/b0e44dfb4e4c699cca33ede431b8d127e6e8d661 + https://git.kernel.org/stable/c/9c177eee116cf888276d3748cb176e72562cfd5c + https://git.kernel.org/stable/c/8823ea27fff6084bbb4bc71d15378fae0220b1d8 + https://git.kernel.org/stable/c/daf972118c517b91f74ff1731417feb4270625a4 |