blob: 0b333e7d1f2228375fd2629da6785ae83cab92d0
The vulnerability lies in the Linux kernel's x86 floating-point unit (FPU) handling, specifically in `__fpu__restore_sig()`, the function that restores a task's FPU state from a signal frame. Its fast path executes an XRSTOR instruction directly from the user buffer while the hardware registers may still be preserved on behalf of a different task through the `fpu_fpregs_owner_ctx` mechanism. XRSTOR can fail with a page fault (#PF) partway through, and a failed XRSTOR may already have modified some of the FPU registers before the fault was taken.
There is therefore a window in which `__fpu__restore_sig()` can be scheduled out after the failed XRSTOR and the task that owns the preserved registers (the victim) can be scheduled back in. Because the kernel still records the victim as the owner of the hardware registers, it skips reloading them, and part of the FPU state that `__fpu__restore_sig()` was attempting to load leaks into the victim task's user-visible state.
The fix invalidates the preserved FPU registers when XRSTOR fails, so the victim task reloads its own state from memory on its next switch-in instead of running with the partially overwritten registers. The vulnerability was introduced in Linux kernel version 5.2 and is fixed in versions 5.10.46, 5.12.13 and 5.13. The affected file is `arch/x86/kernel/fpu/signal.c`.
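The race described above, played out in a constructed user-space model. This is an illustration added by the editor, not code from the kernel or from the original page: the names `fpu_fpregs_owner_ctx`, `fpregs_state_valid()`, `switch_fpu_prepare()`, `switch_fpu_finish()` and `__cpu_invalidate_fpregs_state()` mirror the kernel's, but the register file, the faulting XRSTOR and the scheduler are simulated, and `fpu_restore_sig()`, `xrstor_from_user()` and `victim_state_intact()` are hypothetical helpers written for the model. The sample signal frame and register values are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NREGS 8

struct fpu {
    uint64_t state[NREGS];      /* the task's saved, in-memory FPU state */
};

/* One CPU's FPU register file, plus the kernel's record of whose context
 * those registers currently hold (NULL means "nobody, must reload"). */
static uint64_t hw_regs[NREGS];
static struct fpu *fpu_fpregs_owner_ctx;

static bool fpregs_state_valid(const struct fpu *fpu)
{
    return fpu_fpregs_owner_ctx == fpu;
}

static void __cpu_invalidate_fpregs_state(void)
{
    fpu_fpregs_owner_ctx = NULL;
}

/* Context switch out: save the live registers into the task's fpstate.
 * The owner pointer is deliberately left pointing at this task so that a
 * later switch back in can skip the reload if nothing touched the regs. */
static void switch_fpu_prepare(struct fpu *fpu)
{
    memcpy(fpu->state, hw_regs, sizeof(hw_regs));
}

/* Return to user space: reload the task's registers only if the hardware
 * no longer holds them. This lazy reload is what the bug turns into a leak. */
static void switch_fpu_finish(struct fpu *fpu)
{
    if (!fpregs_state_valid(fpu)) {
        memcpy(hw_regs, fpu->state, sizeof(hw_regs));
        fpu_fpregs_owner_ctx = fpu;
    }
}

/* Simulated XRSTOR from a user buffer whose tail is unmapped: the first
 * `mapped` registers are loaded, then the access faults. Like the real
 * instruction, it does not undo what it already loaded. */
static int xrstor_from_user(const uint64_t *user_buf, size_t mapped)
{
    memcpy(hw_regs, user_buf, mapped * sizeof(uint64_t));
    return mapped < NREGS ? -EFAULT : 0;
}

/* Model of the __fpu__restore_sig() fast path, run by `current` while the
 * hardware registers still belong to a different task. With `fixed` set,
 * a failed restore invalidates the preserved registers, as the fix does. */
static int fpu_restore_sig(struct fpu *current, const uint64_t *user_buf,
                           size_t mapped, bool fixed)
{
    int ret = xrstor_from_user(user_buf, mapped);

    if (ret == 0) {
        fpu_fpregs_owner_ctx = current;   /* registers now belong to current */
        return 0;
    }

    /* The fix: if current does not own the registers (the kernel checks
     * TIF_NEED_FPU_LOAD for this), the partial load may have clobbered the
     * owner's state, so force the owner to reload on its next switch-in. */
    if (fixed && !fpregs_state_valid(current))
        __cpu_invalidate_fpregs_state();

    return ret;
}

/* Play out the race: the victim runs, is preempted, the restorer's XRSTOR
 * faults halfway through, the victim is scheduled back in. Returns true if
 * the victim sees exactly its own registers, false if the restorer's partial
 * signal frame leaked into them. */
static bool victim_state_intact(bool fixed)
{
    struct fpu victim = { { 0 } };
    struct fpu restorer = { { 0 } };
    uint64_t sigframe[NREGS];           /* constructed sample signal frame */
    size_t i;

    for (i = 0; i < NREGS; i++) {
        victim.state[i] = 0x1000 + i;
        sigframe[i] = 0xdead0000 + i;
    }

    fpu_fpregs_owner_ctx = NULL;
    switch_fpu_finish(&victim);         /* victim runs with its registers */
    switch_fpu_prepare(&victim);        /* ... and is preempted */

    /* restorer handles sigreturn; its own registers were never loaded */
    (void)fpu_restore_sig(&restorer, sigframe, NREGS / 2, fixed);

    switch_fpu_finish(&victim);         /* victim returns to user space */
    return memcmp(hw_regs, victim.state, sizeof(hw_regs)) == 0;
}

int main(void)
{
    printf("without fix: victim state intact = %s\n",
           victim_state_intact(false) ? "yes" : "no (leak)");
    printf("with fix:    victim state intact = %s\n",
           victim_state_intact(true) ? "yes" : "no (leak)");
    return 0;
}
```

Without the fix the victim's second `switch_fpu_finish()` finds itself still recorded as owner and skips the reload, so the first half of the restorer's signal frame is visible in its registers; with the fix the owner pointer has been cleared and the victim reloads from its saved state.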