CVE-2021-47008

{"id": "CVE-2021-47008", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-02-28T09:15:38.560", "references": [{"url": "https://git.kernel.org/stable/c/a3ba26ecfb569f4aa3f867e80c02aa65f20aadad", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fb9e14f4f8217a0980f8da2c8ff70dee058cbe47", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fd722a57fe0b80133dacae4e1c852ee4212f9b2e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a3ba26ecfb569f4aa3f867e80c02aa65f20aadad", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/fb9e14f4f8217a0980f8da2c8ff70dee058cbe47", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/fd722a57fe0b80133dacae4e1c852ee4212f9b2e", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Make sure GHCB is mapped before updating\n\nAccess to the GHCB is mainly in the VMGEXIT path and it is known that the\nGHCB will be mapped. But there are two paths where it is possible the GHCB\nmight not be mapped.\n\nThe sev_vcpu_deliver_sipi_vector() routine will update the GHCB to inform\nthe caller of the AP Reset Hold NAE event that a SIPI has been delivered.\nHowever, if a SIPI is performed without a corresponding AP Reset Hold,\nthen the GHCB might not be mapped (depending on the previous VMEXIT),\nwhich will result in a NULL pointer dereference.\n\nThe svm_complete_emulated_msr() routine will update the GHCB to inform\nthe caller of a RDMSR/WRMSR operation about any errors. While it is likely\nthat the GHCB will be mapped in this situation, add a safe guard\nin this path to be certain a NULL pointer dereference is not encountered."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: SVM: aseg\u00farese de que GHCB est\u00e9 mapeado antes de actualizar. El acceso al GHCB se encuentra principalmente en la ruta VMGEXIT y se sabe que el GHCB ser\u00e1 mapeado. Pero hay dos caminos en los que es posible que el GHCB no est\u00e9 mapeado. La rutina sev_vcpu_deliver_sipi_vector() actualizar\u00e1 el GHCB para informar a la persona que llama del evento AP Reset Hold NAE que se ha entregado un SIPI. Sin embargo, si se realiza una SIPI sin una retenci\u00f3n de reinicio de AP correspondiente, es posible que el GHCB no se asigne (dependiendo del VMEXIT anterior), lo que resultar\u00e1 en una desreferencia del puntero NULL. La rutina svm_complete_emulated_msr() actualizar\u00e1 el GHCB para informar a la persona que llama de una operaci\u00f3n RDMSR/WRMSR sobre cualquier error. Si bien es probable que el GHCB se asigne en esta situaci\u00f3n, agregue una protecci\u00f3n en esta ruta para asegurarse de que no se encuentre una desreferencia de puntero NULL."}], "lastModified": "2024-12-09T18:24:06.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B53E9A-F426-4C03-9A5F-A931FF79827E", "versionEndExcluding": "5.11.22", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}