cve-2021-47262
Vulnerability from cvelistv5
Published
2024-05-21 14:19
Modified
2024-12-19 07:38
Severity ?
EPSS score ?
Summary
KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-47262", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T19:08:01.681086Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T18:43:39.808Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:32:07.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/796d3bd4ac9316e70c181189318cd2bd98af34bc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d046f724bbd725a24007b7e52b2d675249870888" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9fb088ce13bc3c59a51260207b487db3e556f275" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f31500b0d437a2464ca5972d8f5439e156b74960" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/x86/kvm/trace.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "796d3bd4ac9316e70c181189318cd2bd98af34bc", "status": "affected", "version": 
"380e0055bc7e4a5c687436ba3ccebb4667836b95", "versionType": "git" }, { "lessThan": "d046f724bbd725a24007b7e52b2d675249870888", "status": "affected", "version": "380e0055bc7e4a5c687436ba3ccebb4667836b95", "versionType": "git" }, { "lessThan": "9fb088ce13bc3c59a51260207b487db3e556f275", "status": "affected", "version": "380e0055bc7e4a5c687436ba3ccebb4667836b95", "versionType": "git" }, { "lessThan": "f31500b0d437a2464ca5972d8f5439e156b74960", "status": "affected", "version": "380e0055bc7e4a5c687436ba3ccebb4667836b95", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/x86/kvm/trace.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.4" }, { "lessThan": "5.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.126", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.44", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.11", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message\n\nUse the __string() machinery provided by the tracing subystem to make a\ncopy of the string literals consumed by the \"nested VM-Enter failed\"\ntracepoint. 
A complete copy is necessary to ensure that the tracepoint\ncan\u0027t outlive the data/memory it consumes and deference stale memory.\n\nBecause the tracepoint itself is defined by kvm, if kvm-intel and/or\nkvm-amd are built as modules, the memory holding the string literals\ndefined by the vendor modules will be freed when the module is unloaded,\nwhereas the tracepoint and its data in the ring buffer will live until\nkvm is unloaded (or \"indefinitely\" if kvm is built-in).\n\nThis bug has existed since the tracepoint was added, but was recently\nexposed by a new check in tracing to detect exactly this type of bug.\n\n fmt: \u0027%s%s\n \u0027 current_buffer: \u0027 vmx_dirty_log_t-140127 [003] .... kvm_nested_vmenter_failed: \u0027\n WARNING: CPU: 3 PID: 140134 at kernel/trace/trace.c:3759 trace_check_vprintf+0x3be/0x3e0\n CPU: 3 PID: 140134 Comm: less Not tainted 5.13.0-rc1-ce2e73ce600a-req #184\n Hardware name: ASUS Q87M-E/Q87M-E, BIOS 1102 03/03/2014\n RIP: 0010:trace_check_vprintf+0x3be/0x3e0\n Code: \u003c0f\u003e 0b 44 8b 4c 24 1c e9 a9 fe ff ff c6 44 02 ff 00 49 8b 97 b0 20\n RSP: 0018:ffffa895cc37bcb0 EFLAGS: 00010282\n RAX: 0000000000000000 RBX: ffffa895cc37bd08 RCX: 0000000000000027\n RDX: 0000000000000027 RSI: 00000000ffffdfff RDI: ffff9766cfad74f8\n RBP: ffffffffc0a041d4 R08: ffff9766cfad74f0 R09: ffffa895cc37bad8\n R10: 0000000000000001 R11: 0000000000000001 R12: ffffffffc0a041d4\n R13: ffffffffc0f4dba8 R14: 0000000000000000 R15: ffff976409f2c000\n FS: 00007f92fa200740(0000) GS:ffff9766cfac0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000559bd11b0000 CR3: 000000019fbaa002 CR4: 00000000001726e0\n Call Trace:\n trace_event_printf+0x5e/0x80\n trace_raw_output_kvm_nested_vmenter_failed+0x3a/0x60 [kvm]\n print_trace_line+0x1dd/0x4e0\n s_show+0x45/0x150\n seq_read_iter+0x2d5/0x4c0\n seq_read+0x106/0x150\n vfs_read+0x98/0x180\n ksys_read+0x5f/0xe0\n do_syscall_64+0x40/0xb0\n 
entry_SYSCALL_64_after_hwframe+0x44/0xae" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:38:27.959Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/796d3bd4ac9316e70c181189318cd2bd98af34bc" }, { "url": "https://git.kernel.org/stable/c/d046f724bbd725a24007b7e52b2d675249870888" }, { "url": "https://git.kernel.org/stable/c/9fb088ce13bc3c59a51260207b487db3e556f275" }, { "url": "https://git.kernel.org/stable/c/f31500b0d437a2464ca5972d8f5439e156b74960" } ], "title": "KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47262", "datePublished": "2024-05-21T14:19:54.666Z", "dateReserved": "2024-05-21T13:27:52.126Z", "dateUpdated": "2024-12-19T07:38:27.959Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-47262\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T15:15:14.930\",\"lastModified\":\"2025-04-30T16:22:25.493\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nKVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message\\n\\nUse the __string() machinery provided by the tracing subystem to make a\\ncopy of the string literals consumed by the \\\"nested VM-Enter failed\\\"\\ntracepoint. 
A complete copy is necessary to ensure that the tracepoint\\ncan\u0027t outlive the data/memory it consumes and deference stale memory.\\n\\nBecause the tracepoint itself is defined by kvm, if kvm-intel and/or\\nkvm-amd are built as modules, the memory holding the string literals\\ndefined by the vendor modules will be freed when the module is unloaded,\\nwhereas the tracepoint and its data in the ring buffer will live until\\nkvm is unloaded (or \\\"indefinitely\\\" if kvm is built-in).\\n\\nThis bug has existed since the tracepoint was added, but was recently\\nexposed by a new check in tracing to detect exactly this type of bug.\\n\\n fmt: \u0027%s%s\\n \u0027 current_buffer: \u0027 vmx_dirty_log_t-140127 [003] .... kvm_nested_vmenter_failed: \u0027\\n WARNING: CPU: 3 PID: 140134 at kernel/trace/trace.c:3759 trace_check_vprintf+0x3be/0x3e0\\n CPU: 3 PID: 140134 Comm: less Not tainted 5.13.0-rc1-ce2e73ce600a-req #184\\n Hardware name: ASUS Q87M-E/Q87M-E, BIOS 1102 03/03/2014\\n RIP: 0010:trace_check_vprintf+0x3be/0x3e0\\n Code: \u003c0f\u003e 0b 44 8b 4c 24 1c e9 a9 fe ff ff c6 44 02 ff 00 49 8b 97 b0 20\\n RSP: 0018:ffffa895cc37bcb0 EFLAGS: 00010282\\n RAX: 0000000000000000 RBX: ffffa895cc37bd08 RCX: 0000000000000027\\n RDX: 0000000000000027 RSI: 00000000ffffdfff RDI: ffff9766cfad74f8\\n RBP: ffffffffc0a041d4 R08: ffff9766cfad74f0 R09: ffffa895cc37bad8\\n R10: 0000000000000001 R11: 0000000000000001 R12: ffffffffc0a041d4\\n R13: ffffffffc0f4dba8 R14: 0000000000000000 R15: ffff976409f2c000\\n FS: 00007f92fa200740(0000) GS:ffff9766cfac0000(0000) knlGS:0000000000000000\\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n CR2: 0000559bd11b0000 CR3: 000000019fbaa002 CR4: 00000000001726e0\\n Call Trace:\\n trace_event_printf+0x5e/0x80\\n trace_raw_output_kvm_nested_vmenter_failed+0x3a/0x60 [kvm]\\n print_trace_line+0x1dd/0x4e0\\n s_show+0x45/0x150\\n seq_read_iter+0x2d5/0x4c0\\n seq_read+0x106/0x150\\n vfs_read+0x98/0x180\\n ksys_read+0x5f/0xe0\\n 
do_syscall_64+0x40/0xb0\\n entry_SYSCALL_64_after_hwframe+0x44/0xae\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86: Garantizar la vivacidad de la VM anidada. Ingrese el mensaje de punto de seguimiento de falla. Utilice la maquinaria __string() proporcionada por el subsistema de seguimiento para hacer una copia de los literales de cadena consumidos por los puntos de seguimiento \\\"nested VM-Enter failed\\\". Es necesaria una copia completa para garantizar que el punto de seguimiento no pueda vivir m\u00e1s que los datos o la memoria que consume y para evitar la memoria obsoleta. Debido a que el punto de seguimiento en s\u00ed est\u00e1 definido por kvm, si kvm-intel y/o kvm-amd se construyen como m\u00f3dulos, la memoria que contiene los literales de cadena definidos por los m\u00f3dulos del proveedor se liberar\u00e1 cuando se descargue el m\u00f3dulo, mientras que el punto de seguimiento y sus datos en el b\u00fafer circular permanecer\u00e1 hasta que se descargue kvm (o \\\"indefinidamente\\\" si kvm est\u00e1 integrado). Este error ha existido desde que se agreg\u00f3 el punto de seguimiento, pero recientemente qued\u00f3 expuesto mediante una nueva verificaci\u00f3n en el seguimiento para detectar exactamente este tipo de error. fmt: \u0027%s%s \u0027 current_buffer: \u0027 vmx_dirty_log_t-140127 [003] .... 
kvm_nested_vmenter_failed: \u0027 ADVERTENCIA: CPU: 3 PID: 140134 en kernel/trace/trace.c:3759 trace_check_vprintf+0x3be/0x3e0 CPU: 3 PID: 140134 Comm: less No contaminado 5.13.0-rc1-ce2e73ce600a-req #184 Nombre de hardware: ASUS Q87M-E/Q87M-E, BIOS 1102 03/03/2014 RIP: 0010:trace_check_vprintf+0x3be/0x3e0 C\u00f3digo: \u0026lt; 0f\u0026gt; 0b 44 8b 4c 24 1c e9 a9 fe ff ff c6 44 02 ff 00 49 8b 97 b0 20 RSP: 0018:ffffa895cc37bcb0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: cc37bd08 RCX: 0000000000000027 RDX: 0000000000000027 RSI: 00000000ffffdfff RDI: ffff9766cfad74f8 RBP : ffffffffc0a041d4 R08: ffff9766cfad74f0 R09: ffffa895cc37bad8 R10: 0000000000000001 R11: 00000000000000001 R12: ffffffffc0a041d4 R13: ffffffffc0f4dba8 R 14: 0000000000000000 R15: ffff976409f2c000 FS: 00007f92fa200740(0000) GS:ffff9766cfac0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 00 CR0: 0000000080050033 CR2: 0000559bd11b0000 CR3: 000000019fbaa002 CR4: 00000000001726e0 Seguimiento de llamadas: trace_event_printf+0x5e/0x80 3a/0x60 [kvm] print_trace_line+0x1dd/0x4e0 s_show+0x45/0x150 seq_read_iter+0x2d5/0x4c0 seq_read+0x106/0x150 vfs_read+ 0x98/0x180 ksys_read+0x5f/0xe0 do_syscall_64+0x40/0xb0 
entrada_SYSCALL_64_after_hwframe+0x44/0xae\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4\",\"versionEndExcluding\":\"5.4.126\",\"matchCriteriaId\":\"6D23A3FF-8CE4-41A1-9E6A-8138FDC413F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.44\",\"matchCriteriaId\":\"DA547B08-9D25-467B-AD0D-8460FE4EE70D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.12.11\",\"matchCriteriaId\":\"F914A757-FAFD-407E-9031-21F66635D5EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"96AC23B2-D46A-49D9-8203-8E1BEDCA8532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA610E30-717C-4700-9F77-A3C9244F3BFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*\",\"matchCrite
riaId\":\"1ECD33F5-85BE-430B-8F86-8D7BD560311D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF351855-2437-4CF5-AD7C-BDFA51F27683\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/796d3bd4ac9316e70c181189318cd2bd98af34bc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9fb088ce13bc3c59a51260207b487db3e556f275\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d046f724bbd725a24007b7e52b2d675249870888\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f31500b0d437a2464ca5972d8f5439e156b74960\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/796d3bd4ac9316e70c181189318cd2bd98af34bc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9fb088ce13bc3c59a51260207b487db3e556f275\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d046f724bbd725a24007b7e52b2d675249870888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f31500b0d437a2464ca5972d8f5439e156b74960\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}" } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.