Bug 2266594 (CVE-2021-47018)

Summary: CVE-2021-47018 kernel: ensure definition of the fixmap area is in a limit
Product: [Other] Security Response Reporter: Rohit Keshri <rkeshri>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: acaringi, allarkin, aquini, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, lzampier, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, sidakwo, sukulkar, tglozar, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. The fixmap area that was defined for the PPC64 architecture was invalid.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2266596    
Bug Blocks: 2266587    

Description Rohit Keshri 2024-02-28 12:44:08 UTC 
In the Linux kernel, the following vulnerability has been resolved:

powerpc/64: Fix the definition of the fixmap area

At the time being, the fixmap area is defined at the top of
the address space or just below KASAN.

This definition is not valid for PPC64.

For PPC64, use the top of the I/O space.

Because of circular dependencies, it is not possible to include
asm/fixmap.h in asm/book3s/64/pgtable.h , so define a fixed size
AREA at the top of the I/O space for fixmap and ensure during
build that the size is big enough.

https://git.kernel.org/stable/c/4b9fb2c9039a206d37f215936a4d5bee7b1bf9cd
https://git.kernel.org/stable/c/9ccba66d4d2aff9a3909aa77d57ea8b7cc166f3c
https://git.kernel.org/stable/c/a84df7c80bdac598d6ac9268ae578da6928883e8
https://git.kernel.org/stable/c/abb07dc5e8b61ab7b1dde20dd73aa01a3aeb183f
Comment 1 Rohit Keshri 2024-02-28 12:47:24 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2266596]
Comment 3 Justin M. Forbes 2024-02-28 18:49:50 UTC 
This was fixed for Fedora with the 5.12.4 stable kernel update.
Comment 9 errata-xmlrpc 2024-08-08 04:52:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101