Bug 2027403 (CVE-2021-4032)

Summary: CVE-2021-4032 kernel: kvm: mishandling of memory error during VCPU construction can lead to DoS
Product: [Other] Security Response
Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: acaringi, adscvr, airlied, alciregi, bhu, bskeggs, chwhite, dhoward, dvlasenk, fhrbata, hdegoede, hkrzesin, jarod, jarodwilson, jburrell, jeremy, jforbes, jglisse, jlelli, jmaloy, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, nmurray, ptalbert, qzhao, rkeshri, rvrbovsk, steved, swood, vkumar, walters, williams
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: kernel 5.15 rc7
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Linux kernel's KVM subsystem, in kvm_free_lapic in arch/x86/kvm/lapic.c, when an allocation failure was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happen during VCPU construction, which allows an attacker with special user privilege to cause a denial of service.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Bug Depends On: 2027406, 2029213, 2029214, 2029215
Bug Blocks: 2026965, 2027405

Description Guilherme de Almeida Suckevicz 2021-11-29 14:55:14 UTC
A vulnerability was found in the KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when the allocation failure was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happen during VCPU construction, which allows an attacker with special user privilege to cause a denial of service.

Reference:
https://lkml.org/lkml/2021/9/8/587
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7d8a19f9a056a05c5c509fa65af472a322abfee

Comment 1 Guilherme de Almeida Suckevicz 2021-11-29 14:58:45 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2027406]

Comment 6 Justin M. Forbes 2021-12-08 18:23:44 UTC
This was fixed for Fedora with the 5.15 stable kernel rebases.