5.5

CVE-2021-47407

KVM: x86: Handle SRCU initialization failure during page track init

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Handle SRCU initialization failure during page track init

Check the return of init_srcu_struct(), which can fail due to OOM, when
initializing the page track mechanism.  Lack of checking leads to a NULL
pointer deref found by a modified syzkaller.

[Move the call towards the beginning of kvm_arch_init_vm. - Paolo]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.10.71
LinuxLinux Kernel Version >= 5.11 < 5.14.10
LinuxLinux Kernel Version5.15 Updaterc1
LinuxLinux Kernel Version5.15 Updaterc2
LinuxLinux Kernel Version5.15 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.16
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/4664318f73e496cd22c71b10888e75434a123e23
Patch
Mailing List
https://git.kernel.org/stable/c/deb2949417677649e2413266d7ce8c2ff73952b4
Patch
Mailing List
https://git.kernel.org/stable/c/eb7511bf9182292ef1df1082d23039e856d1ddfb
Patch
Mailing List