CVE-2021-47227

EPSS 0.02%
Published 21.05.2024 15:15:11
Last modified 29.04.2025 19:41:06
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

x86/fpu: Prevent state corruption in __fpu__restore_sig()

The non-compacted slowpath uses __copy_from_user() and copies the entire
user buffer into the kernel buffer, verbatim.  This means that the kernel
buffer may now contain entirely invalid state on which XRSTOR will #GP.
validate_user_xstate_header() can detect some of that corruption, but that
leaves the onus on callers to clear the buffer.

Prior to XSAVES support, it was possible just to reinitialize the buffer,
completely, but with supervisor states that is not longer possible as the
buffer clearing code split got it backwards. Fixing that is possible but
not corrupting the state in the first place is more robust.

Avoid corruption of the kernel XSAVE buffer by using copy_user_to_xstate()
which validates the XSAVE header contents before copying the actual states
to the kernel. copy_user_to_xstate() was previously only called for
compacted-format kernel buffers, but it works for both compacted and
non-compacted forms.

Using it for the non-compacted form is slower because of multiple
__copy_from_user() operations, but that cost is less important than robust
code in an already slow path.

[ Changelog polished by Dave Hansen ]

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.8 < 5.10.46

Linux ≫ Linux Kernel Version >= 5.11 < 5.12.13

Linux ≫ Linux Kernel Version5.13 Updaterc1

Linux ≫ Linux Kernel Version5.13 Updaterc2

Linux ≫ Linux Kernel Version5.13 Updaterc3

Linux ≫ Linux Kernel Version5.13 Updaterc4

Linux ≫ Linux Kernel Version5.13 Updaterc5

Linux ≫ Linux Kernel Version5.13 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.032

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://git.kernel.org/stable/c/076f732b16a5bf842686e1b43ab6021a2d98233e

Patch

https://git.kernel.org/stable/c/484cea4f362e1eeb5c869abbfb5f90eae6421b38

Patch

https://git.kernel.org/stable/c/ec25ea1f3f05d6f8ee51d1277efea986eafd4f2a

Patch

https://nvd.nist.gov/vuln/detail/CVE-2021-47227

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-47227

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-47227

EUVD