Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-cve / . / cve / published / 2021 / CVE-2021-47090.json
blob: 34f0ca53aec6c79510a20a661046262e2006c2f3 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()\n\nHulk Robot reported a panic in put_page_testzero() when testing\nmadvise() with MADV_SOFT_OFFLINE. The BUG() is triggered when retrying\nget_any_page(). This is because we keep MF_COUNT_INCREASED flag in\nsecond try but the refcnt is not increased.\n\n page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)\n ------------[ cut here ]------------\n kernel BUG at include/linux/mm.h:737!\n invalid opcode: 0000 [#1] PREEMPT SMP\n CPU: 5 PID: 2135 Comm: sshd Tainted: G B 5.16.0-rc6-dirty #373\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n RIP: release_pages+0x53f/0x840\n Call Trace:\n free_pages_and_swap_cache+0x64/0x80\n tlb_flush_mmu+0x6f/0x220\n unmap_page_range+0xe6c/0x12c0\n unmap_single_vma+0x90/0x170\n unmap_vmas+0xc4/0x180\n exit_mmap+0xde/0x3a0\n mmput+0xa3/0x250\n do_exit+0x564/0x1470\n do_group_exit+0x3b/0x100\n __do_sys_exit_group+0x13/0x20\n __x64_sys_exit_group+0x16/0x20\n do_syscall_64+0x34/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n Modules linked in:\n ---[ end trace e99579b570fe0649 ]---\n RIP: 0010:release_pages+0x53f/0x840"
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"mm/memory-failure.c"
],
"versions": [
{
"version": "b94e02822debdf0cc473556aad7dcc859f216653",
"lessThan": "1f207076740101fed87074a6bc924dbe806f08a5",
"status": "affected",
"versionType": "git"
},
{
"version": "b94e02822debdf0cc473556aad7dcc859f216653",
"lessThan": "c691e7575eff76e563b0199c23ec46bd454f43e3",
"status": "affected",
"versionType": "git"
},
{
"version": "b94e02822debdf0cc473556aad7dcc859f216653",
"lessThan": "2a57d83c78f889bf3f54eede908d0643c40d5418",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"mm/memory-failure.c"
],
"versions": [
{
"version": "5.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.10",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.89",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.12",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.10.89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.15.12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.16"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1f207076740101fed87074a6bc924dbe806f08a5"
},
{
"url": "https://git.kernel.org/stable/c/c691e7575eff76e563b0199c23ec46bd454f43e3"
},
{
"url": "https://git.kernel.org/stable/c/2a57d83c78f889bf3f54eede908d0643c40d5418"
}
],
"title": "mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2021-47090",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}