CVE-2021-47060

KVM: Stop looking for coalesced MMIO zones if the bus is destroyed

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

KVM: Stop looking for coalesced MMIO zones if the bus is destroyed

Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev()
fails to allocate memory for the new instance of the bus. If it can't
instantiate a new bus, unregister_dev() destroys all devices _except_ the
target device. But, it doesn't tell the caller that it obliterated the
bus and invoked the destructor for all devices that were on the bus. In
the coalesced MMIO case, this can result in a deleted list entry
dereference due to attempting to continue iterating on coalesced_zones
after future entries (in the walk) have been deleted.

Opportunistically add curly braces to the for-loop, which encompasses
many lines but sneaks by without braces due to the guts being a single
if statement.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: deja de buscar zonas MMIO fusionadas si el bus se destruye. Cancela el recorrido de las zonas MMIO fusionadas si kvm_io_bus_unregister_dev() no puede asignar memoria para la nueva instancia del bus. Si no puede crear una instancia de un nuevo bus, unregister_dev() destruye todos los dispositivos _excepto_ el dispositivo de destino. Pero no le dice a la persona que llama que destruyó el bus e invocó el destructor para todos los dispositivos que estaban en el bus. En el caso de MMIO fusionado, esto puede resultar en una desreferencia de entrada de lista eliminada debido al intento de continuar iterando en coalesced_zones después de que se hayan eliminado entradas futuras (en el recorrido). De manera oportunista, agregue llaves al bucle for, que abarca muchas líneas pero se escapa sin llaves debido a que el valor es una sola declaración if.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-29 CVE Reserved
2024-02-29 CVE Published
2024-03-01 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/41b2ea7a6a11e2b1a7f2c29e1675a709a6b2b98d	Vuln. Introduced
https://git.kernel.org/stable/c/f65886606c2d3b562716de030706dfe1bea4ed5e	Vuln. Introduced
https://git.kernel.org/stable/c/f0dfffce3f4ffd5f822568a4a6fb34c010e939d1	Vuln. Introduced
https://git.kernel.org/stable/c/840e124f89a5127e7eb97ebf377f4b8ca745c070	Vuln. Introduced
https://git.kernel.org/stable/c/40a023f681befd9b2862a3c16fb306a38b359ae5	Vuln. Introduced
https://git.kernel.org/stable/c/19184bd06f488af62924ff1747614a8cb284ad63	Vuln. Introduced
https://git.kernel.org/stable/c/68c125324b5e1d1d22805653735442923d896a1d	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7d1bc32d6477ff96a32695ea4be8144e4513ab2d	2021-05-14
https://git.kernel.org/stable/c/2a20592baff59c5351c5200ec667e1a2aa22af85	2021-05-14
https://git.kernel.org/stable/c/168e82f640ed1891a700bdb43e37da354b2ab63c	2021-05-14
https://git.kernel.org/stable/c/50cbad42bfea8c052b7ca590bd4126cdc898713c	2021-05-14
https://git.kernel.org/stable/c/5d3c4c79384af06e3c8e25b7770b6247496b4417	2021-04-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.66 < 5.4.119 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.66 < 5.4.119"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.10.37 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.10.37"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.11.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.11.21"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.12.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.12.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.4.238 Search vendor "Linux" for product "Linux Kernel" and version "4.4.238"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.9.238 Search vendor "Linux" for product "Linux Kernel" and version "4.9.238"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.200 Search vendor "Linux" for product "Linux Kernel" and version "4.14.200"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.19.148 Search vendor "Linux" for product "Linux Kernel" and version "4.19.148"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.8.10 Search vendor "Linux" for product "Linux Kernel" and version "5.8.10"		en		Affected