| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message\n\nUse the __string() machinery provided by the tracing subystem to make a\ncopy of the string literals consumed by the \"nested VM-Enter failed\"\ntracepoint. A complete copy is necessary to ensure that the tracepoint\ncan't outlive the data/memory it consumes and deference stale memory.\n\nBecause the tracepoint itself is defined by kvm, if kvm-intel and/or\nkvm-amd are built as modules, the memory holding the string literals\ndefined by the vendor modules will be freed when the module is unloaded,\nwhereas the tracepoint and its data in the ring buffer will live until\nkvm is unloaded (or \"indefinitely\" if kvm is built-in).\n\nThis bug has existed since the tracepoint was added, but was recently\nexposed by a new check in tracing to detect exactly this type of bug.\n\n fmt: '%s%s\n ' current_buffer: ' vmx_dirty_log_t-140127 [003] .... kvm_nested_vmenter_failed: '\n WARNING: CPU: 3 PID: 140134 at kernel/trace/trace.c:3759 trace_check_vprintf+0x3be/0x3e0\n CPU: 3 PID: 140134 Comm: less Not tainted 5.13.0-rc1-ce2e73ce600a-req #184\n Hardware name: ASUS Q87M-E/Q87M-E, BIOS 1102 03/03/2014\n RIP: 0010:trace_check_vprintf+0x3be/0x3e0\n Code: <0f> 0b 44 8b 4c 24 1c e9 a9 fe ff ff c6 44 02 ff 00 49 8b 97 b0 20\n RSP: 0018:ffffa895cc37bcb0 EFLAGS: 00010282\n RAX: 0000000000000000 RBX: ffffa895cc37bd08 RCX: 0000000000000027\n RDX: 0000000000000027 RSI: 00000000ffffdfff RDI: ffff9766cfad74f8\n RBP: ffffffffc0a041d4 R08: ffff9766cfad74f0 R09: ffffa895cc37bad8\n R10: 0000000000000001 R11: 0000000000000001 R12: ffffffffc0a041d4\n R13: ffffffffc0f4dba8 R14: 0000000000000000 R15: ffff976409f2c000\n FS: 00007f92fa200740(0000) GS:ffff9766cfac0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000559bd11b0000 CR3: 000000019fbaa002 CR4: 00000000001726e0\n Call Trace:\n trace_event_printf+0x5e/0x80\n trace_raw_output_kvm_nested_vmenter_failed+0x3a/0x60 [kvm]\n print_trace_line+0x1dd/0x4e0\n s_show+0x45/0x150\n seq_read_iter+0x2d5/0x4c0\n seq_read+0x106/0x150\n vfs_read+0x98/0x180\n ksys_read+0x5f/0xe0\n do_syscall_64+0x40/0xb0\n entry_SYSCALL_64_after_hwframe+0x44/0xae" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "arch/x86/kvm/trace.h" |
| ], |
| "versions": [ |
| { |
| "version": "380e0055bc7e4a5c687436ba3ccebb4667836b95", |
| "lessThan": "796d3bd4ac9316e70c181189318cd2bd98af34bc", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "380e0055bc7e4a5c687436ba3ccebb4667836b95", |
| "lessThan": "d046f724bbd725a24007b7e52b2d675249870888", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "380e0055bc7e4a5c687436ba3ccebb4667836b95", |
| "lessThan": "9fb088ce13bc3c59a51260207b487db3e556f275", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "380e0055bc7e4a5c687436ba3ccebb4667836b95", |
| "lessThan": "f31500b0d437a2464ca5972d8f5439e156b74960", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "arch/x86/kvm/trace.h" |
| ], |
| "versions": [ |
| { |
| "version": "5.4", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "5.4", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.126", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.44", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.12.11", |
| "lessThanOrEqual": "5.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.13", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4", |
| "versionEndExcluding": "5.4.126" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4", |
| "versionEndExcluding": "5.10.44" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4", |
| "versionEndExcluding": "5.12.11" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4", |
| "versionEndExcluding": "5.13" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/796d3bd4ac9316e70c181189318cd2bd98af34bc" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/d046f724bbd725a24007b7e52b2d675249870888" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/9fb088ce13bc3c59a51260207b487db3e556f275" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/f31500b0d437a2464ca5972d8f5439e156b74960" |
| } |
| ], |
| "title": "KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2021-47262", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
