cve/published/2021/CVE-2021-47430.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n\n\nCommit\n\n  3c73b81a9164 (\"x86/entry, selftests: Further improve user entry sanity checks\")\n\nadded a warning if AC is set when in the kernel.\n\nCommit\n\n  662a0221893a3d (\"x86/entry: Fix AC assertion\")\n\nchanged the warning to only fire if the CPU supports SMAP.\n\nHowever, the warning can still trigger on a machine that supports SMAP\nbut where it's disabled in the kernel config and when running the\nsyscall_nt selftest, for example:\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 0 PID: 49 at irqentry_enter_from_user_mode\n  CPU: 0 PID: 49 Comm: init Tainted: G                T 5.15.0-rc4+ #98 e6202628ee053b4f310759978284bd8bb0ce6905\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\n  RIP: 0010:irqentry_enter_from_user_mode\n  ...\n  Call Trace:\n   ? irqentry_enter\n   ? exc_general_protection\n   ? asm_exc_general_protection\n   ? asm_exc_general_protectio\n\nIS_ENABLED(CONFIG_X86_SMAP) could be added to the warning condition, but\neven this would not be enough in case SMAP is disabled at boot time with\nthe \"nosmap\" parameter.\n\nTo be consistent with \"nosmap\" behaviour, clear X86_FEATURE_SMAP when\n!CONFIG_X86_SMAP.\n\nFound using entry-fuzz + satrandconfig.\n\n [ bp: Massage commit message. ]"
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "arch/x86/kernel/cpu/common.c"
                ],
                "versions": [
                   {
                      "version": "3c73b81a9164d0c1b6379d6672d2772a9e95168e",
                      "lessThan": "f2447f6587b8ffe42ba04d14ce67d429a1163e5e",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "3c73b81a9164d0c1b6379d6672d2772a9e95168e",
                      "lessThan": "4e9ec1c65da98c293f75d83755dfa5e03075a6d0",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "3c73b81a9164d0c1b6379d6672d2772a9e95168e",
                      "lessThan": "3958b9c34c2729597e182cc606cc43942fd19f7c",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "arch/x86/kernel/cpu/common.c"
                ],
                "versions": [
                   {
                      "version": "5.8",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "5.8",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.10.73",
                      "lessThanOrEqual": "5.10.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.14.12",
                      "lessThanOrEqual": "5.14.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.15",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.8",
                            "versionEndExcluding": "5.10.73"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.8",
                            "versionEndExcluding": "5.14.12"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.8",
                            "versionEndExcluding": "5.15"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/f2447f6587b8ffe42ba04d14ce67d429a1163e5e"
             },
             {
                "url": "https://git.kernel.org/stable/c/4e9ec1c65da98c293f75d83755dfa5e03075a6d0"
             },
             {
                "url": "https://git.kernel.org/stable/c/3958b9c34c2729597e182cc606cc43942fd19f7c"
             }
          ],
          "title": "x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2021-47430",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n\n\nCommit\n\n 3c73b81a9164 (\"x86/entry, selftests: Further improve user entry sanity checks\")\n\nadded a warning if AC is set when in the kernel.\n\nCommit\n\n 662a0221893a3d (\"x86/entry: Fix AC assertion\")\n\nchanged the warning to only fire if the CPU supports SMAP.\n\nHowever, the warning can still trigger on a machine that supports SMAP\nbut where it's disabled in the kernel config and when running the\nsyscall_nt selftest, for example:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 49 at irqentry_enter_from_user_mode\n CPU: 0 PID: 49 Comm: init Tainted: G T 5.15.0-rc4+ #98 e6202628ee053b4f310759978284bd8bb0ce6905\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\n RIP: 0010:irqentry_enter_from_user_mode\n ...\n Call Trace:\n ? irqentry_enter\n ? exc_general_protection\n ? asm_exc_general_protection\n ? asm_exc_general_protectio\n\nIS_ENABLED(CONFIG_X86_SMAP) could be added to the warning condition, but\neven this would not be enough in case SMAP is disabled at boot time with\nthe \"nosmap\" parameter.\n\nTo be consistent with \"nosmap\" behaviour, clear X86_FEATURE_SMAP when\n!CONFIG_X86_SMAP.\n\nFound using entry-fuzz + satrandconfig.\n\n [ bp: Massage commit message. ]"
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"arch/x86/kernel/cpu/common.c"
	],
	"versions": [
	{
	"version": "3c73b81a9164d0c1b6379d6672d2772a9e95168e",
	"lessThan": "f2447f6587b8ffe42ba04d14ce67d429a1163e5e",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "3c73b81a9164d0c1b6379d6672d2772a9e95168e",
	"lessThan": "4e9ec1c65da98c293f75d83755dfa5e03075a6d0",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "3c73b81a9164d0c1b6379d6672d2772a9e95168e",
	"lessThan": "3958b9c34c2729597e182cc606cc43942fd19f7c",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"arch/x86/kernel/cpu/common.c"
	],
	"versions": [
	{
	"version": "5.8",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "5.8",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.10.73",
	"lessThanOrEqual": "5.10.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.14.12",
	"lessThanOrEqual": "5.14.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.15",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.8",
	"versionEndExcluding": "5.10.73"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.8",
	"versionEndExcluding": "5.14.12"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.8",
	"versionEndExcluding": "5.15"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/f2447f6587b8ffe42ba04d14ce67d429a1163e5e"
	},
	{
	"url": "https://git.kernel.org/stable/c/4e9ec1c65da98c293f75d83755dfa5e03075a6d0"
	},
	{
	"url": "https://git.kernel.org/stable/c/3958b9c34c2729597e182cc606cc43942fd19f7c"
	}
	],
	"title": "x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2021-47430",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}