CVE-2021-47262
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/05/2024
Last modified:
30/04/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message<br />
<br />
Use the __string() machinery provided by the tracing subystem to make a<br />
copy of the string literals consumed by the "nested VM-Enter failed"<br />
tracepoint. A complete copy is necessary to ensure that the tracepoint<br />
can&#39;t outlive the data/memory it consumes and deference stale memory.<br />
<br />
Because the tracepoint itself is defined by kvm, if kvm-intel and/or<br />
kvm-amd are built as modules, the memory holding the string literals<br />
defined by the vendor modules will be freed when the module is unloaded,<br />
whereas the tracepoint and its data in the ring buffer will live until<br />
kvm is unloaded (or "indefinitely" if kvm is built-in).<br />
<br />
This bug has existed since the tracepoint was added, but was recently<br />
exposed by a new check in tracing to detect exactly this type of bug.<br />
<br />
fmt: &#39;%s%s<br />
&#39; current_buffer: &#39; vmx_dirty_log_t-140127 [003] .... kvm_nested_vmenter_failed: &#39;<br />
WARNING: CPU: 3 PID: 140134 at kernel/trace/trace.c:3759 trace_check_vprintf+0x3be/0x3e0<br />
CPU: 3 PID: 140134 Comm: less Not tainted 5.13.0-rc1-ce2e73ce600a-req #184<br />
Hardware name: ASUS Q87M-E/Q87M-E, BIOS 1102 03/03/2014<br />
RIP: 0010:trace_check_vprintf+0x3be/0x3e0<br />
Code: 0b 44 8b 4c 24 1c e9 a9 fe ff ff c6 44 02 ff 00 49 8b 97 b0 20<br />
RSP: 0018:ffffa895cc37bcb0 EFLAGS: 00010282<br />
RAX: 0000000000000000 RBX: ffffa895cc37bd08 RCX: 0000000000000027<br />
RDX: 0000000000000027 RSI: 00000000ffffdfff RDI: ffff9766cfad74f8<br />
RBP: ffffffffc0a041d4 R08: ffff9766cfad74f0 R09: ffffa895cc37bad8<br />
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffffc0a041d4<br />
R13: ffffffffc0f4dba8 R14: 0000000000000000 R15: ffff976409f2c000<br />
FS: 00007f92fa200740(0000) GS:ffff9766cfac0000(0000) knlGS:0000000000000000<br />
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
CR2: 0000559bd11b0000 CR3: 000000019fbaa002 CR4: 00000000001726e0<br />
Call Trace:<br />
trace_event_printf+0x5e/0x80<br />
trace_raw_output_kvm_nested_vmenter_failed+0x3a/0x60 [kvm]<br />
print_trace_line+0x1dd/0x4e0<br />
s_show+0x45/0x150<br />
seq_read_iter+0x2d5/0x4c0<br />
seq_read+0x106/0x150<br />
vfs_read+0x98/0x180<br />
ksys_read+0x5f/0xe0<br />
do_syscall_64+0x40/0xb0<br />
entry_SYSCALL_64_after_hwframe+0x44/0xae
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4 (including) | 5.4.126 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.44 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.12.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/796d3bd4ac9316e70c181189318cd2bd98af34bc
- https://git.kernel.org/stable/c/9fb088ce13bc3c59a51260207b487db3e556f275
- https://git.kernel.org/stable/c/d046f724bbd725a24007b7e52b2d675249870888
- https://git.kernel.org/stable/c/f31500b0d437a2464ca5972d8f5439e156b74960
- https://git.kernel.org/stable/c/796d3bd4ac9316e70c181189318cd2bd98af34bc
- https://git.kernel.org/stable/c/9fb088ce13bc3c59a51260207b487db3e556f275
- https://git.kernel.org/stable/c/d046f724bbd725a24007b7e52b2d675249870888
- https://git.kernel.org/stable/c/f31500b0d437a2464ca5972d8f5439e156b74960