Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2021-47407
HistoryMay 21, 2024 - 3:03 p.m.

CVE-2021-47407 KVM: x86: Handle SRCU initialization failure during page track init

2024-05-2115:03:59
Linux
www.cve.org
cve-2021-47407
kvm
x86
linux kernel
vulnerability
srcu initialization
page track init
oom
null pointer deref
syzkaller

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Handle SRCU initialization failure during page track init

Check the return of init_srcu_struct(), which can fail due to OOM, when
initializing the page track mechanism. Lack of checking leads to a NULL
pointer deref found by a modified syzkaller.

[Move the call towards the beginning of kvm_arch_init_vm. - Paolo]

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/x86/include/asm/kvm_page_track.h",
      "arch/x86/kvm/mmu/page_track.c",
      "arch/x86/kvm/x86.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "deb294941767",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "4664318f73e4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "eb7511bf9182",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/x86/include/asm/kvm_page_track.h",
      "arch/x86/kvm/mmu/page_track.c",
      "arch/x86/kvm/x86.c"
    ],
    "versions": [
      {
        "version": "5.10.71",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.14.10",
        "lessThanOrEqual": "5.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

ubuntucve 1
debiancve 1
cve 1
redhatcve 1
nvd 1
nessus 2
ubuntucve
ubuntucve
CVE-2021-47407
2024-05-21 00:00:00
debiancve
debiancve
CVE-2021-47407
2024-05-21 15:15:26
cve
cve
CVE-2021-47407
2024-05-21 15:15:26
redhatcve
redhatcve
CVE-2021-47407
2024-05-22 08:58:22
nvd
nvd
CVE-2021-47407
2024-05-21 15:15:26
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
2024-06-14 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)
2024-06-13 00:00:00

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON
Related for CVELIST:CVE-2021-47407
ubuntucve1debiancve1cve1redhatcve1nvd1nessus2