// For flags

CVE-2021-47554

vdpa_sim: avoid putting an uninitialized iova_domain

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

vdpa_sim: avoid putting an uninitialized iova_domain

The system will crash if we put an uninitialized iova_domain, this
could happen when an error occurs before initializing the iova_domain
in vdpasim_create().

BUG: kernel NULL pointer dereference, address: 0000000000000000
...
RIP: 0010:__cpuhp_state_remove_instance+0x96/0x1c0
...
Call Trace:
<TASK>
put_iova_domain+0x29/0x220
vdpasim_free+0xd1/0x120 [vdpa_sim]
vdpa_release_dev+0x21/0x40 [vdpa]
device_release+0x33/0x90
kobject_release+0x63/0x160
vdpasim_create+0x127/0x2a0 [vdpa_sim]
vdpasim_net_dev_add+0x7d/0xfe [vdpa_sim_net]
vdpa_nl_cmd_dev_add_set_doit+0xe1/0x1a0 [vdpa]
genl_family_rcv_msg_doit+0x112/0x140
genl_rcv_msg+0xdf/0x1d0
...

So we must make sure the iova_domain is already initialized before
put it.

In addition, we may get the following warning in this case:
WARNING: ... drivers/iommu/iova.c:344 iova_cache_put+0x58/0x70

So we must make sure the iova_cache_put() is invoked only if the
iova_cache_get() is already invoked. Let's fix it together.

En el kernel de Linux se ha solucionado la siguiente vulnerabilidad: vdpa_sim: evitar poner un iova_domain no inicializado El sistema se bloqueará si ponemos un iova_domain no inicializado, esto podría pasar cuando ocurre un error antes de inicializar el iova_domain en vdpasim_create(). ERROR: desreferencia del puntero NULL del kernel, dirección: 0000000000000000... RIP: 0010:__cpuhp_state_remove_instance+0x96/0x1c0... Seguimiento de llamadas: put_iova_domain+0x29/0x220 vdpasim_free+0xd1/0x120 [vdpa_release_] desarrollo+0x21/0x40 [ vdpa] device_release+0x33/0x90 kobject_release+0x63/0x160 vdpasim_create+0x127/0x2a0 [vdpa_sim] vdpasim_net_dev_add+0x7d/0xfe [vdpa_sim_net] vdpa_nl_cmd_dev_add_set_doit+0xe1/0x1a0 [ vdpa] genl_family_rcv_msg_doit+0x112/0x140 genl_rcv_msg+0xdf/0x1d0 ... Entonces debemos asegurarnos de que iova_domain ya esté inicializado antes de colocarlo. Además, es posible que recibamos la siguiente advertencia en este caso: ADVERTENCIA: ... drivers/iommu/iova.c:344 iova_cache_put+0x58/0x70 Por lo tanto, debemos asegurarnos de que iova_cache_put() se invoque solo si iova_cache_get() es ya invocado. Arreglemoslo juntos.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-24 CVE Reserved
  • 2024-05-24 CVE Published
  • 2024-05-25 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.13 < 5.15.6
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.15.6"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.13 < 5.16
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.16"
en
Affected