| The vulnerability, CVE-2021-47389, affects the Linux kernel's KVM (Kernel-based Virtual Machine) implementation of AMD's SEV (Secure Encrypted Virtualization) technology. Specifically, it occurs in the `sev_receive_start` function, which is responsible for receiving a new guest context from the SEV firmware. |
| |
| The issue arises when binding an ASID (Address Space Identifier) fails after the `RECEIVE_START` command is sent to the SEV firmware. In this scenario, the current SEV context should be decommissioned using the `sev_decommission` function. However, this step was missing in the original implementation. |
| |
| As a result, subsequent SEV launch failures can occur due to memory leaks and the inability to allocate more SEV guest contexts in the future. This is because the `RECEIVE_START` command generates a new guest context and handle, which needs to be paired with a corresponding `DECOMMISSION` command to properly clean up resources. |
| |
| The vulnerability was introduced in kernel version 5.13 and was fixed in versions 5.14.10 and 5.15. The affected file is `arch/x86/kvm/svm/sev.c`. To mitigate this issue, users should update to the latest stable kernel version. If updating is not possible, the individual changes can be cherry-picked from the specified commits. |
| |
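The leak described above can be reproduced in a small user-space model. This is an added example, not the kernel's code from `arch/x86/kvm/svm/sev.c`: the function names, error codes and the `FW_MAX_CONTEXTS` limit are assumptions made for the illustration, and the "firmware" is just an array of context slots.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define FW_MAX_CONTEXTS 4   /* constructed limit for the model, not a real firmware value */
#define ERR_BIND   (-1)     /* ASID bind failed */
#define ERR_NO_CTX (-2)     /* firmware has no free guest context */

static bool fw_ctx_used[FW_MAX_CONTEXTS];   /* models the firmware's guest-context table */

/* Models RECEIVE_START: allocates a guest context, returns its handle (0 = none free). */
static unsigned fw_receive_start(void) {
    for (unsigned i = 0; i < FW_MAX_CONTEXTS; i++)
        if (!fw_ctx_used[i]) { fw_ctx_used[i] = true; return i + 1; }
    return 0;
}

/* Models DECOMMISSION: releases the guest context behind a handle. */
static void fw_decommission(unsigned handle) {
    if (handle >= 1 && handle <= FW_MAX_CONTEXTS)
        fw_ctx_used[handle - 1] = false;
}

/* Hypothetical receive path; bind_fails injects the ASID bind failure. */
static int receive_start(bool bind_fails, bool decommission_on_error) {
    unsigned handle = fw_receive_start();
    if (!handle)
        return ERR_NO_CTX;
    if (bind_fails) {                     /* bind step failed after RECEIVE_START */
        if (decommission_on_error)
            fw_decommission(handle);      /* the cleanup the fix adds */
        return ERR_BIND;                  /* without it, the context stays allocated */
    }
    return 0;
}

/* Fresh firmware state, n failed binds, then the result of one normal attempt. */
int launch_after_failures(int n, bool decommission_on_error) {
    memset(fw_ctx_used, 0, sizeof(fw_ctx_used));
    for (int i = 0; i < n; i++)
        receive_start(true, decommission_on_error);
    return receive_start(false, decommission_on_error);
}

int main(void) {
    printf("no cleanup:   %d\n", launch_after_failures(FW_MAX_CONTEXTS, false));
    printf("with cleanup: %d\n", launch_after_failures(FW_MAX_CONTEXTS, true));
    return 0;
}
```

With cleanup disabled, every failed bind consumes one context permanently, so a later well-formed request fails once the table is full; with cleanup enabled the same sequence succeeds.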