Bug 1950136 (CVE-2021-3501)

| Field | Value |
|---|---|
| Summary | CVE-2021-3501 kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run |
| Product | [Other] Security Response |
| Reporter | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Fixed In Version | kernel 5.12 |
| Doc Text | A flaw was found in the Linux kernel. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. |
| Last Closed | 2021-06-01 11:32:01 UTC |
| Bug Depends On | 1954218, 1954219, 1954221, 1954224, 1954229, 1954230, 1954240, 1954241, 1970758 |
| Bug Blocks | 1949610, 1950139 |

Description
Guilherme de Almeida Suckevicz
2021-04-15 20:21:03 UTC
Statement: This issue affected Linux kernel versions as shipped with Red Hat Enterprise Linux 8 starting with RHEL-8.4.0 and onward kernel version.

Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

External References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a

Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1954240]

Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1954241]

This was fixed for Fedora with the 5.11.16 stable kernel updates.

Acknowledgments: Name: Reiji Watanabe (Google)

This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2169 https://access.redhat.com/errata/RHSA-2021:2169

This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2165 https://access.redhat.com/errata/RHSA-2021:2165

This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2168 https://access.redhat.com/errata/RHSA-2021:2168

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3501

This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2021:2522 https://access.redhat.com/errata/RHSA-2021:2522