CVE-2021-47389

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/05/2024
Last modified:
02/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: fix missing sev_decommission in sev_receive_start

DECOMMISSION the current SEV context if binding an ASID fails after RECEIVE_START. Per AMD's SEV API, RECEIVE_START generates a new guest context and thus needs to be paired with DECOMMISSION:

The RECEIVE_START command is the only command other than the LAUNCH_START command that generates a new guest context and guest handle.

The missing DECOMMISSION can result in subsequent SEV launch failures, as the firmware leaks memory and might not be able to allocate more SEV guest contexts in the future.

Note, LAUNCH_START suffered the same bug, but was previously fixed by commit 934002cd660b ("KVM: SVM: Call SEV Guest Decommission if ASID binding fails").
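The error path described above, as an added user-space C model that is not kernel code and not part of this advisory: it shows how a failed ASID bind without DECOMMISSION exhausts guest contexts, and how pairing the two avoids that. The pool size, return codes and all function names are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdio.h>

#define FW_MAX_CONTEXTS 4              /* constructed limit for this model */
enum { OK = 0, ERR_BIND = -1, ERR_NO_CONTEXT = -2 };   /* hypothetical codes */

static bool fw_ctx_used[FW_MAX_CONTEXTS];  /* models firmware guest contexts */

/* Models RECEIVE_START: creates a guest context, returns a handle or 0. */
static unsigned fw_receive_start(void) {
    for (unsigned i = 0; i < FW_MAX_CONTEXTS; i++)
        if (!fw_ctx_used[i]) { fw_ctx_used[i] = true; return i + 1; }
    return 0;
}

/* Models DECOMMISSION: releases the guest context behind a handle. */
static void fw_decommission(unsigned handle) {
    if (handle >= 1 && handle <= FW_MAX_CONTEXTS)
        fw_ctx_used[handle - 1] = false;
}

/* Models the ASID binding step; the caller decides whether it fails. */
static int fw_bind_asid(unsigned handle, bool fail) {
    (void)handle;
    return fail ? ERR_BIND : OK;
}

/* Receive-start path. decommission_on_error=false reproduces the leak. */
static int receive_start(bool bind_fails, bool decommission_on_error) {
    unsigned handle = fw_receive_start();
    if (!handle)
        return ERR_NO_CONTEXT;          /* firmware has no context left */
    if (fw_bind_asid(handle, bind_fails) != OK) {
        if (decommission_on_error)
            fw_decommission(handle);    /* pair RECEIVE_START with DECOMMISSION */
        return ERR_BIND;
    }
    return OK;
}

/* Runs `failures` failed binds on a fresh pool, then one normal start. */
int start_after_failed_binds(int failures, bool decommission_on_error) {
    for (unsigned i = 0; i < FW_MAX_CONTEXTS; i++) fw_ctx_used[i] = false;
    for (int i = 0; i < failures; i++)
        receive_start(true, decommission_on_error);
    return receive_start(false, decommission_on_error);
}

int main(void) {
    printf("without decommission: %d\n", start_after_failed_binds(FW_MAX_CONTEXTS, false));
    printf("with decommission:    %d\n", start_after_failed_binds(FW_MAX_CONTEXTS, true));
    return 0;
}
```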

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.13 (including) 5.14.10 (excluding)
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*