| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024052242-CVE-2021-47450-c72f@gregkh> Date: Wed, 22 May 2024 08:19:53 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47450: KVM: arm64: Fix host stage-2 PGD refcount Description =========== In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix host stage-2 PGD refcount The KVM page-table library refcounts the pages of concatenated stage-2 PGDs individually. However, when running KVM in protected mode, the host's stage-2 PGD is currently managed by EL2 as a single high-order compound page, which can cause the refcount of the tail pages to reach 0 when they shouldn't, hence corrupting the page-table. Fix this by introducing a new hyp_split_page() helper in the EL2 page allocator (matching the kernel's split_page() function), and make use of it from host_s2_zalloc_pages_exact(). The Linux kernel CVE team has assigned CVE-2021-47450 to this issue. Affected and fixed versions =========================== Issue introduced in 5.13 with commit 1025c8c0c6ac and fixed in 5.14.15 with commit b372264c66ef Issue introduced in 5.13 with commit 1025c8c0c6ac and fixed in 5.15 with commit 1d58a17ef545 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47450 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/arm64/kvm/hyp/include/nvhe/gfp.h arch/arm64/kvm/hyp/nvhe/mem_protect.c arch/arm64/kvm/hyp/nvhe/page_alloc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b372264c66ef78f2cab44e877fbd765ad6d24c39 https://git.kernel.org/stable/c/1d58a17ef54599506d44c45ac95be27273a4d2b1
Powered by blists - more mailing lists