The vulnerability, identified as CVE-2021-46927, affects the Linux kernel's nitro_enclaves module. Specifically, it occurs when setting enclave memory regions: the driver calls `get_user_pages()` without holding the mmap lock, which trips the `mmap_assert_locked()` check.

The issue surfaced because commit 5b78ed24e8ec added `mmap_assert_locked()` annotations to the `find_vma*()` functions, which `get_user_pages()` uses internally to walk the caller's VMAs. With that annotation in place, the driver's unlocked `get_user_pages()` call triggers the `mmap_assert_locked()` check, and the check fails because the lock was never taken.

To fix this, the kernel developers replaced the `get_user_pages()` call with `get_user_pages_unlocked()`. The `_unlocked` variant acquires and releases the mmap lock itself, so the effect is the same as bracketing `get_user_pages()` with `mmap_read_lock()` and `mmap_read_unlock()`. This ensures that the necessary lock is held while the enclave memory region is being set.

The vulnerability was introduced in Linux kernel version 5.15 and fixed in versions 5.15.13 and 5.16. The affected file is `drivers/virt/nitro_enclaves/ne_misc_dev.c`. To mitigate this issue, users are recommended to update to the latest stable kernel version. If updating is not possible, the individual changes can be cherry-picked from the provided commits.
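The locking contract described above, as an added userspace model that is not kernel code and not the driver's own source: the `struct mm_struct`, `struct page`, `mmap_read_lock()`, `mmap_assert_locked()`, `find_vma()`, `get_user_pages()` and `get_user_pages_unlocked()` below are mocks with simplified signatures that mimic the shape of the real API (the kernel versions live in `mm/gup.c` and `include/linux/mmap_lock.h` and operate on `current->mm`). The mock assertion records a violation instead of warning, so the vulnerable and fixed region-setup paths can be compared directly.

```c
/* Userspace model (added example, not kernel code) of why CVE-2021-46927
 * fires: get_user_pages() requires the caller to hold mmap_lock, and after
 * commit 5b78ed24e8ec find_vma() asserts that it is held. Everything here
 * is a mock with simplified signatures; names match the kernel for clarity. */
#include <stdbool.h>
#include <stdio.h>

#define NR_PAGES 4
#define PAGE_SIZE 4096UL

/* Mock of mm_struct: only the reader count of mmap_lock is modelled. */
struct mm_struct {
    int mmap_lock_readers;
};

/* Mock of struct page: identified by a page frame number. */
struct page {
    unsigned long pfn;
};

static int assert_failures; /* number of mmap_assert_locked() violations seen */

static void mmap_read_lock(struct mm_struct *mm)   { mm->mmap_lock_readers++; }
static void mmap_read_unlock(struct mm_struct *mm) { mm->mmap_lock_readers--; }

/* Mock of mmap_assert_locked(): the kernel uses lockdep/VM_BUG_ON_MM here;
 * this model just counts the violation so a harness can observe it. */
static void mmap_assert_locked(const struct mm_struct *mm)
{
    if (mm->mmap_lock_readers <= 0) {
        assert_failures++;
        fprintf(stderr, "mmap_assert_locked: mmap_lock not held\n");
    }
}

/* Mock of find_vma(): carries the annotation added by commit 5b78ed24e8ec. */
static void find_vma(struct mm_struct *mm, unsigned long addr)
{
    (void)addr;
    mmap_assert_locked(mm);
}

/* Mock of get_user_pages(): the caller must already hold mmap_lock.
 * The VMA walk goes through find_vma(), so an unlocked caller trips the assert. */
static long get_user_pages(struct mm_struct *mm, unsigned long start,
                           unsigned long nr_pages, struct page **pages)
{
    for (unsigned long i = 0; i < nr_pages; i++) {
        find_vma(mm, start + i * PAGE_SIZE);
        pages[i]->pfn = (start / PAGE_SIZE) + i; /* constructed: fake "pinning" */
    }
    return (long)nr_pages;
}

/* Mock of get_user_pages_unlocked(): takes and drops mmap_lock itself,
 * equivalent to mmap_read_lock(); get_user_pages(); mmap_read_unlock(). */
static long get_user_pages_unlocked(struct mm_struct *mm, unsigned long start,
                                    unsigned long nr_pages, struct page **pages)
{
    mmap_read_lock(mm);
    long ret = get_user_pages(mm, start, nr_pages, pages);
    mmap_read_unlock(mm);
    return ret;
}

/* Run one region-setup path on a fresh mm and return how many assertion
 * violations it produced (0 means the locking contract was honoured).
 * Returns -1 if pinning failed or the lock was left unbalanced. */
int count_assert_failures(bool use_fixed_path)
{
    struct mm_struct mm = { .mmap_lock_readers = 0 };
    struct page pg[NR_PAGES];
    struct page *pages[NR_PAGES];
    unsigned long uaddr = 0x7f0000000000UL; /* constructed user address */

    for (int i = 0; i < NR_PAGES; i++)
        pages[i] = &pg[i];

    assert_failures = 0;
    long pinned = use_fixed_path
        ? get_user_pages_unlocked(&mm, uaddr, NR_PAGES, pages) /* fixed driver */
        : get_user_pages(&mm, uaddr, NR_PAGES, pages);         /* vulnerable driver */

    if (pinned != NR_PAGES || mm.mmap_lock_readers != 0)
        return -1;
    return assert_failures;
}

int main(void)
{
    printf("get_user_pages() without mmap_lock: %d assertion failure(s)\n",
           count_assert_failures(false));
    printf("get_user_pages_unlocked():          %d assertion failure(s)\n",
           count_assert_failures(true));
    return 0;
}
```

Both paths pin the same pages; the only difference is who takes the lock. The vulnerable path reports one violation per `find_vma()` call, which is what the kernel's assertion turned into a warning once the annotation landed, while the `_unlocked` path reports none and leaves the lock balanced afterwards.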