Bug 1947139 (CVE-2021-30178)
| Summary: | CVE-2021-30178 kernel: NULL pointer dereference in synic_get function in arch/x86/kvm/hyperv.c for certain accesses to the SynIC Hyper-V context | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bdettelb, bhu, blc, bmasney, brdeoliv, bskeggs, carnil, chwhite, crwood, dhoward, dvlasenk, fhrbata, fpacheco, hdegoede, hkrzesin, jarodwilson, jeremy, jforbes, jglisse, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, pmatouse, ptalbert, qzhao, rlacthdud, rvrbovsk, steved, tomckay, vkuznets, walters, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the Linux kernel. A NULL pointer dereference occurs for certain accesses to the SynIC Hyper-V context. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-04-09 11:43:43 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1947140, 1947843 | ||
| Bug Blocks: | 1947141 | ||
|
Description
Guilherme de Almeida Suckevicz
2021-04-07 18:54:47 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1947140] Hi, (In reply to Guilherme de Almeida Suckevicz from comment #0) > An issue was discovered in the Linux kernel through 5.11.11. synic_get in > arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to > the SynIC Hyper-V context. > > Reference and upstream patch: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ > ?id=919f4ebc598701670e80e31573a58f1f2d2bf918 Is this description correct? The fixing commit contains Fixes: 8f014550dfb1 ("KVM: x86: hyper-v: Make Hyper-V emulation enablement conditional") but this later commit is only in 5.12-rc1 and was not backported to other stable series. Whilst the CVE description says "Linux kernel through 5.11.11.". Where was the issue actually introduced? (In reply to Salvatore Bonaccorso from comment #3) > Hi, > > (In reply to Guilherme de Almeida Suckevicz from comment #0) > > An issue was discovered in the Linux kernel through 5.11.11. synic_get in > > arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to > > the SynIC Hyper-V context. > > > > Reference and upstream patch: > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ > > ?id=919f4ebc598701670e80e31573a58f1f2d2bf918 > > Is this description correct? The fixing commit contains > > Fixes: 8f014550dfb1 ("KVM: x86: hyper-v: Make Hyper-V emulation enablement > conditional") > > but this later commit is only in 5.12-rc1 and was not backported to other > stable series. Whilst the CVE description says "Linux kernel through > 5.11.11.". > > Where was the issue actually introduced? The issue was introduced by 8f014550dfb1 indeed, however, I also fail to see it in 5.11.x stable so the issue was both introduced and fixed in 5.12 (which questions the need for CVE). In reply to comment #3: > Hi, > > (In reply to Guilherme de Almeida Suckevicz from comment #0) > > An issue was discovered in the Linux kernel through 5.11.11. synic_get in > > arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to > > the SynIC Hyper-V context. > > > > Reference and upstream patch: > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ > > ?id=919f4ebc598701670e80e31573a58f1f2d2bf918 > > Is this description correct? The fixing commit contains > > Fixes: 8f014550dfb1 ("KVM: x86: hyper-v: Make Hyper-V emulation enablement > conditional") > > but this later commit is only in 5.12-rc1 and was not backported to other > stable series. Whilst the CVE description says "Linux kernel through > 5.11.11.". > > Where was the issue actually introduced? Apparently the affected version is not correct, this is how it was reported to Mitre. Petr, could you please check? (In reply to Vitaly Kuznetsov from comment #4) > (In reply to Salvatore Bonaccorso from comment #3) <snip> > > Where was the issue actually introduced? > > The issue was introduced by 8f014550dfb1 indeed, however, I also fail to see > it in 5.11.x stable so the issue was both introduced and fixed in 5.12 (which > questions the need for CVE). I second what Vitaly says. I am sorry for misleading information, I've updated our comment #0 to remove the reference to that particular kernel version. Please note that that description was directly taken from Mitre (*) and since it does not affect any of the Red Hat supported products we did not verify it further. (*) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30178 Any issues with the CVE assignment and/or description should be communicated to Mitre directly. |