Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2021-47463

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
22/05/2024
Last modified:
15/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm/secretmem: fix NULL page-&gt;mapping dereference in page_is_secretmem()<br /> <br /> Check for a NULL page-&gt;mapping before dereferencing the mapping in<br /> page_is_secretmem(), as the page&amp;#39;s mapping can be nullified while gup()<br /> is running, e.g. by reclaim or truncation.<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000068<br /> #PF: supervisor read access in kernel mode<br /> #PF: error_code(0x0000) - not-present page<br /> PGD 0 P4D 0<br /> Oops: 0000 [#1] PREEMPT SMP NOPTI<br /> CPU: 6 PID: 4173897 Comm: CPU 3/KVM Tainted: G W<br /> RIP: 0010:internal_get_user_pages_fast+0x621/0x9d0<br /> Code: 81 7a 68 80 08 04 bc 0f 85 21 ff ff 8 89 c7 be<br /> RSP: 0018:ffffaa90087679b0 EFLAGS: 00010046<br /> RAX: ffffe3f37905b900 RBX: 00007f2dd561e000 RCX: ffffe3f37905b934<br /> RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffe3f37905b900<br /> ...<br /> CR2: 0000000000000068 CR3: 00000004c5898003 CR4: 00000000001726e0<br /> Call Trace:<br /> get_user_pages_fast_only+0x13/0x20<br /> hva_to_pfn+0xa9/0x3e0<br /> try_async_pf+0xa1/0x270<br /> direct_page_fault+0x113/0xad0<br /> kvm_mmu_page_fault+0x69/0x680<br /> vmx_handle_exit+0xe1/0x5d0<br /> kvm_arch_vcpu_ioctl_run+0xd81/0x1c70<br /> kvm_vcpu_ioctl+0x267/0x670<br /> __x64_sys_ioctl+0x83/0xa0<br /> do_syscall_64+0x56/0x80<br /> entry_SYSCALL_64_after_hwframe+0x44/0xae

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.14 (including) 5.14.15 (excluding)
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools