fkie_cve-2021-47450
Vulnerability from fkie_nvd
Published
2024-05-22 07:15
Modified
2024-11-21 06:36
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Fix host stage-2 PGD refcount
The KVM page-table library refcounts the pages of concatenated stage-2
PGDs individually. However, when running KVM in protected mode, the
host's stage-2 PGD is currently managed by EL2 as a single high-order
compound page, which can cause the refcount of the tail pages to reach 0
when they shouldn't, hence corrupting the page-table.
Fix this by introducing a new hyp_split_page() helper in the EL2 page
allocator (matching the kernel's split_page() function), and make use of
it from host_s2_zalloc_pages_exact().
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix host stage-2 PGD refcount\n\nThe KVM page-table library refcounts the pages of concatenated stage-2\nPGDs individually. However, when running KVM in protected mode, the\nhost's stage-2 PGD is currently managed by EL2 as a single high-order\ncompound page, which can cause the refcount of the tail pages to reach 0\nwhen they shouldn't, hence corrupting the page-table.\n\nFix this by introducing a new hyp_split_page() helper in the EL2 page\nallocator (matching the kernel's split_page() function), and make use of\nit from host_s2_zalloc_pages_exact().", }, { lang: "es", value: "En el kernel de Linux, se resolvió la siguiente vulnerabilidad: KVM: arm64: corrige el recuento de PGD de etapa 2 del host La librería de tablas de páginas de KVM vuelve a contar las páginas de los PGD de etapa 2 concatenados individualmente. Sin embargo, cuando se ejecuta KVM en modo protegido, EL2 administra actualmente el PGD de etapa 2 del host como una única página compuesta de alto orden, lo que puede causar que el recuento de las páginas finales llegue a 0 cuando no debería, corrompiendo así el tabla de páginas. Solucione este problema introduciendo un nuevo asistente hyp_split_page() en el asignador de páginas EL2 (que coincida con la función split_page() del kernel) y utilícelo desde host_s2_zalloc_pages_exact().", }, ], id: "CVE-2021-47450", lastModified: "2024-11-21T06:36:10.327", metrics: {}, published: "2024-05-22T07:15:10.143", references: [ { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", url: "https://git.kernel.org/stable/c/1d58a17ef54599506d44c45ac95be27273a4d2b1", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", url: "https://git.kernel.org/stable/c/b372264c66ef78f2cab44e877fbd765ad6d24c39", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.kernel.org/stable/c/1d58a17ef54599506d44c45ac95be27273a4d2b1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.kernel.org/stable/c/b372264c66ef78f2cab44e877fbd765ad6d24c39", }, ], sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", vulnStatus: "Awaiting Analysis", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.