Lucene search

Ubuntu.comUB:CVE-2021-47062

HistoryFeb 29, 2024 - 12:00 a.m.

CVE-2021-47062

2024-02-2900:00:00

ubuntu.com

linux kernel

vulnerability

kvm

online_vcpus

vcpus

null-pointer dereference

created_vcpus

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved: KVM:
SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs Use the
kvm_for_each_vcpu() helper to iterate over vCPUs when encrypting VMSAs for
SEV, which effectively switches to use online_vcpus instead of
created_vcpus. This fixes a possible null-pointer dereference as
created_vcpus does not guarantee a vCPU exists, since it is updated at the
very beginning of KVM_CREATE_VCPU. created_vcpus exists to allow the bulk
of vCPU creation to run in parallel, while still correctly restricting the
max number of max vCPUs.

OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchlinux-gke< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	24.04	noarch	linux-gke	< any	UNKNOWN

References

git.kernel.org/linus/c36b16d29f3af5f32fc1b2a3401bf48f71cabee1 (5.13-rc1)

launchpad.net/bugs/cve/CVE-2021-47062

nvd.nist.gov/vuln/detail/CVE-2021-47062

security-tracker.debian.org/tracker/CVE-2021-47062

www.cve.org/CVERecord?id=CVE-2021-47062