Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-cve / . / cve / published / 2021 / CVE-2021-47463.json
blob: e75c89bcde2a15984a03c54ffd80fe7215ae58b6 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/secretmem: fix NULL page->mapping dereference in page_is_secretmem()\n\nCheck for a NULL page->mapping before dereferencing the mapping in\npage_is_secretmem(), as the page's mapping can be nullified while gup()\nis running, e.g. by reclaim or truncation.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000068\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 6 PID: 4173897 Comm: CPU 3/KVM Tainted: G W\n RIP: 0010:internal_get_user_pages_fast+0x621/0x9d0\n Code: <48> 81 7a 68 80 08 04 bc 0f 85 21 ff ff 8 89 c7 be\n RSP: 0018:ffffaa90087679b0 EFLAGS: 00010046\n RAX: ffffe3f37905b900 RBX: 00007f2dd561e000 RCX: ffffe3f37905b934\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffe3f37905b900\n ...\n CR2: 0000000000000068 CR3: 00000004c5898003 CR4: 00000000001726e0\n Call Trace:\n get_user_pages_fast_only+0x13/0x20\n hva_to_pfn+0xa9/0x3e0\n try_async_pf+0xa1/0x270\n direct_page_fault+0x113/0xad0\n kvm_mmu_page_fault+0x69/0x680\n vmx_handle_exit+0xe1/0x5d0\n kvm_arch_vcpu_ioctl_run+0xd81/0x1c70\n kvm_vcpu_ioctl+0x267/0x670\n __x64_sys_ioctl+0x83/0xa0\n do_syscall_64+0x56/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"include/linux/secretmem.h"
],
"versions": [
{
"version": "1507f51255c9ff07d75909a84e7c0d7f3c4b2f49",
"lessThan": "b77ba1e02345bafd703f0d407bdbd88c3be1f767",
"status": "affected",
"versionType": "git"
},
{
"version": "1507f51255c9ff07d75909a84e7c0d7f3c4b2f49",
"lessThan": "79f9bc5843142b649575f887dccdf1c07ad75c20",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"include/linux/secretmem.h"
],
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.14.15",
"lessThanOrEqual": "5.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14",
"versionEndExcluding": "5.14.15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14",
"versionEndExcluding": "5.15"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/b77ba1e02345bafd703f0d407bdbd88c3be1f767"
},
{
"url": "https://git.kernel.org/stable/c/79f9bc5843142b649575f887dccdf1c07ad75c20"
}
],
"title": "mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2021-47463",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}