CVE-2021-47008 (GCVE-0-2021-47008)
Vulnerability from cvelistv5 – Published: 2024-02-28 08:13 – Updated: 2025-05-04 07:02
Title
KVM: SVM: Make sure GHCB is mapped before updating
Summary
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Make sure GHCB is mapped before updating

Access to the GHCB is mainly in the VMGEXIT path and it is known that the
GHCB will be mapped. But there are two paths where it is possible the GHCB
might not be mapped.

The sev_vcpu_deliver_sipi_vector() routine will update the GHCB to inform
the caller of the AP Reset Hold NAE event that a SIPI has been delivered.
However, if a SIPI is performed without a corresponding AP Reset Hold,
then the GHCB might not be mapped (depending on the previous VMEXIT),
which will result in a NULL pointer dereference.

The svm_complete_emulated_msr() routine will update the GHCB to inform
the caller of a RDMSR/WRMSR operation about any errors. While it is likely
that the GHCB will be mapped in this situation, add a safeguard
in this path to be certain a NULL pointer dereference is not encountered.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: f1c6366e304328de301be362eca905a3503ff33b , < fb9e14f4f8217a0980f8da2c8ff70dee058cbe47 (git) |
| Linux | Linux | Affected: f1c6366e304328de301be362eca905a3503ff33b , < fd722a57fe0b80133dacae4e1c852ee4212f9b2e (git) |
| Linux | Linux | Affected: f1c6366e304328de301be362eca905a3503ff33b , < a3ba26ecfb569f4aa3f867e80c02aa65f20aadad (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb9e14f4f8217a0980f8da2c8ff70dee058cbe47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd722a57fe0b80133dacae4e1c852ee4212f9b2e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3ba26ecfb569f4aa3f867e80c02aa65f20aadad"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:58:15.859312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:33.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/sev.c",
"arch/x86/kvm/svm/svm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fb9e14f4f8217a0980f8da2c8ff70dee058cbe47",
"status": "affected",
"version": "f1c6366e304328de301be362eca905a3503ff33b",
"versionType": "git"
},
{
"lessThan": "fd722a57fe0b80133dacae4e1c852ee4212f9b2e",
"status": "affected",
"version": "f1c6366e304328de301be362eca905a3503ff33b",
"versionType": "git"
},
{
"lessThan": "a3ba26ecfb569f4aa3f867e80c02aa65f20aadad",
"status": "affected",
"version": "f1c6366e304328de301be362eca905a3503ff33b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/sev.c",
"arch/x86/kvm/svm/svm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.22",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.5",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Make sure GHCB is mapped before updating\n\nAccess to the GHCB is mainly in the VMGEXIT path and it is known that the\nGHCB will be mapped. But there are two paths where it is possible the GHCB\nmight not be mapped.\n\nThe sev_vcpu_deliver_sipi_vector() routine will update the GHCB to inform\nthe caller of the AP Reset Hold NAE event that a SIPI has been delivered.\nHowever, if a SIPI is performed without a corresponding AP Reset Hold,\nthen the GHCB might not be mapped (depending on the previous VMEXIT),\nwhich will result in a NULL pointer dereference.\n\nThe svm_complete_emulated_msr() routine will update the GHCB to inform\nthe caller of a RDMSR/WRMSR operation about any errors. While it is likely\nthat the GHCB will be mapped in this situation, add a safe guard\nin this path to be certain a NULL pointer dereference is not encountered."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:02:13.088Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fb9e14f4f8217a0980f8da2c8ff70dee058cbe47"
},
{
"url": "https://git.kernel.org/stable/c/fd722a57fe0b80133dacae4e1c852ee4212f9b2e"
},
{
"url": "https://git.kernel.org/stable/c/a3ba26ecfb569f4aa3f867e80c02aa65f20aadad"
}
],
"title": "KVM: SVM: Make sure GHCB is mapped before updating",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47008",
"datePublished": "2024-02-28T08:13:27.786Z",
"dateReserved": "2024-02-27T18:42:55.952Z",
"dateUpdated": "2025-05-04T07:02:13.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-47008\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-28T09:15:38.560\",\"lastModified\":\"2024-12-09T18:24:06.900\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nKVM: SVM: Make sure GHCB is mapped before updating\\n\\nAccess to the GHCB is mainly in the VMGEXIT path and it is known that the\\nGHCB will be mapped. But there are two paths where it is possible the GHCB\\nmight not be mapped.\\n\\nThe sev_vcpu_deliver_sipi_vector() routine will update the GHCB to inform\\nthe caller of the AP Reset Hold NAE event that a SIPI has been delivered.\\nHowever, if a SIPI is performed without a corresponding AP Reset Hold,\\nthen the GHCB might not be mapped (depending on the previous VMEXIT),\\nwhich will result in a NULL pointer dereference.\\n\\nThe svm_complete_emulated_msr() routine will update the GHCB to inform\\nthe caller of a RDMSR/WRMSR operation about any errors. While it is likely\\nthat the GHCB will be mapped in this situation, add a safe guard\\nin this path to be certain a NULL pointer dereference is not encountered.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: SVM: aseg\u00farese de que GHCB est\u00e9 mapeado antes de actualizar. El acceso al GHCB se encuentra principalmente en la ruta VMGEXIT y se sabe que el GHCB ser\u00e1 mapeado. Pero hay dos caminos en los que es posible que el GHCB no est\u00e9 mapeado. La rutina sev_vcpu_deliver_sipi_vector() actualizar\u00e1 el GHCB para informar a la persona que llama del evento AP Reset Hold NAE que se ha entregado un SIPI. Sin embargo, si se realiza una SIPI sin una retenci\u00f3n de reinicio de AP correspondiente, es posible que el GHCB no se asigne (dependiendo del VMEXIT anterior), lo que resultar\u00e1 en una desreferencia del puntero NULL. 
La rutina svm_complete_emulated_msr() actualizar\u00e1 el GHCB para informar a la persona que llama de una operaci\u00f3n RDMSR/WRMSR sobre cualquier error. Si bien es probable que el GHCB se asigne en esta situaci\u00f3n, agregue una protecci\u00f3n en esta ruta para asegurarse de que no se encuentre una desreferencia de puntero NULL.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.11.22\",\"matchCriteriaId\":\"83B53E9A-F426-4C03-9A5F-A931FF79827E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12\",\"versionEndExcluding\":\"5.12.5\",\"matchCriteriaId\":\"0274929A-B36C-4F4C-AB22-30A0DD6B995B\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/a3ba26ecfb569f4aa3f867e80c02aa65f20aadad\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fb9e14f4f8217a0980f8da2c8ff70dee058cbe47\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fd722a57fe0b80133dacae4e1c852ee4212f9b2e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},
{\"url\":\"https://git.kernel.org/stable/c/a3ba26ecfb569f4aa3f867e80c02aa65f20aadad\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fb9e14f4f8217a0980f8da2c8ff70dee058cbe47\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fd722a57fe0b80133dacae4e1c852ee4212f9b2e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
}
}