Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentLinuxVULNRICHMENT:CVE-2021-47389
HistoryMay 21, 2024 - 3:03 p.m.

CVE-2021-47389 KVM: SVM: fix missing sev_decommission in sev_receive_start

2024-05-2115:03:48
Linux
github.com
kernel
kvm
svm
amd
sev api
vulnerability

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: fix missing sev_decommission in sev_receive_start

DECOMMISSION the current SEV context if binding an ASID fails after
RECEIVE_START. Per AMD’s SEV API, RECEIVE_START generates a new guest
context and thus needs to be paired with DECOMMISSION:

 The RECEIVE_START command is the only command other than the LAUNCH_START
 command that generates a new guest context and guest handle.

The missing DECOMMISSION can result in subsequent SEV launch failures,
as the firmware leaks memory and might not able to allocate more SEV
guest contexts in the future.

Note, LAUNCH_START suffered the same bug, but was previously fixed by
commit 934002cd660b (“KVM: SVM: Call SEV Guest Decommission if ASID
binding fails”).

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/x86/kvm/svm/sev.c"
    ],
    "versions": [
      {
        "version": "af43cbbf954b",
        "lessThan": "efd7866e114d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "af43cbbf954b",
        "lessThan": "f1815e0aa770",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/x86/kvm/svm/sev.c"
    ],
    "versions": [
      {
        "version": "5.13",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.13",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.14.10",
        "lessThanOrEqual": "5.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

cvelist 1
debiancve 1
redhatcve 1
cve 1
ubuntucve 1
nvd 1
nessus 2
cvelist
cvelist
CVE-2021-47389 KVM: SVM: fix missing sev_decommission in sev_receive_start
2024-05-21 15:03:48
debiancve
debiancve
CVE-2021-47389
2024-05-21 15:15:24
redhatcve
redhatcve
CVE-2021-47389
2024-05-22 10:20:35
cve
cve
CVE-2021-47389
2024-05-21 15:15:24
ubuntucve
ubuntucve
CVE-2021-47389
2024-05-21 00:00:00
nvd
nvd
CVE-2021-47389
2024-05-21 15:15:24
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)
2024-06-13 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
2024-06-14 00:00:00

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for VULNRICHMENT:CVE-2021-47389
cvelist1debiancve1redhatcve1cve1ubuntucve1nvd1nessus2