Bug 1947139 (CVE-2021-30178) - CVE-2021-30178 kernel: NULL pointer dereference in synic_get function in arch/x86/kvm/hyperv.c for certain accesses to the SynIC Hyper-V context
Summary: CVE-2021-30178 kernel: NULL pointer dereference in synic_get function in arch...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-30178
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1947140 1947843
Blocks: 1947141
Reported: 2021-04-07 18:54 UTC by Guilherme de Almeida Suckevicz
Modified: 2022-04-17 21:16 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. A NULL pointer dereference occurs for certain accesses to the SynIC Hyper-V context. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2021-04-09 11:43:43 UTC
Embargoed:

Description Guilherme de Almeida Suckevicz 2021-04-07 18:54:47 UTC
An issue was discovered in the Linux kernel. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context.

Reference and upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918

Comment 1 Guilherme de Almeida Suckevicz 2021-04-07 18:55:38 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1947140]

Comment 3 Salvatore Bonaccorso 2021-04-13 19:42:26 UTC
Hi,

(In reply to Guilherme de Almeida Suckevicz from comment #0)
> An issue was discovered in the Linux kernel through 5.11.11. synic_get in
> arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to
> the SynIC Hyper-V context.
> 
> Reference and upstream patch:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> ?id=919f4ebc598701670e80e31573a58f1f2d2bf918

Is this description correct? The fixing commit contains 

Fixes: 8f014550dfb1 ("KVM: x86: hyper-v: Make Hyper-V emulation enablement conditional")

but this later commit is only in 5.12-rc1 and was not backported to other stable series. Whilst the CVE description says "Linux kernel through 5.11.11.".

Where was the issue actually introduced?

Comment 4 Vitaly Kuznetsov 2021-04-14 08:37:01 UTC
(In reply to Salvatore Bonaccorso from comment #3)
> Hi,
> 
> (In reply to Guilherme de Almeida Suckevicz from comment #0)
> > An issue was discovered in the Linux kernel through 5.11.11. synic_get in
> > arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to
> > the SynIC Hyper-V context.
> > 
> > Reference and upstream patch:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> > ?id=919f4ebc598701670e80e31573a58f1f2d2bf918
> 
> Is this description correct? The fixing commit contains 
> 
> Fixes: 8f014550dfb1 ("KVM: x86: hyper-v: Make Hyper-V emulation enablement
> conditional")
> 
> but this later commit is only in 5.12-rc1 and was not backported to other
> stable series. Whilst the CVE description says "Linux kernel through
> 5.11.11.".
> 
> Where was the issue actually introduced?

The issue was introduced by 8f014550dfb1 indeed, however, I also fail to see
it in 5.11.x stable so the issue was both introduced and fixed in 5.12 (which
questions the need for CVE).

Comment 5 Guilherme de Almeida Suckevicz 2021-04-14 13:06:16 UTC
In reply to comment #3:
> Hi,
> 
> (In reply to Guilherme de Almeida Suckevicz from comment #0)
> > An issue was discovered in the Linux kernel through 5.11.11. synic_get in
> > arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to
> > the SynIC Hyper-V context.
> > 
> > Reference and upstream patch:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> > ?id=919f4ebc598701670e80e31573a58f1f2d2bf918
> 
> Is this description correct? The fixing commit contains 
> 
> Fixes: 8f014550dfb1 ("KVM: x86: hyper-v: Make Hyper-V emulation enablement
> conditional")
> 
> but this later commit is only in 5.12-rc1 and was not backported to other
> stable series. Whilst the CVE description says "Linux kernel through
> 5.11.11.".
> 
> Where was the issue actually introduced?

Apparently the affected version is not correct; this is how it was reported to Mitre.
Petr, could you please check?

Comment 6 Petr Matousek 2021-04-15 08:18:08 UTC
(In reply to Vitaly Kuznetsov from comment #4)
> (In reply to Salvatore Bonaccorso from comment #3)
<snip>
> > Where was the issue actually introduced?
> 
> The issue was introduced by 8f014550dfb1 indeed, however, I also fail to see
> it in 5.11.x stable so the issue was both introduced and fixed in 5.12 (which
> questions the need for CVE).

I second what Vitaly says. I am sorry for the misleading information; I've updated our
comment #0 to remove the reference to that particular kernel version.

Please note that that description was directly taken from Mitre (*) and since it does
not affect any of the Red Hat supported products we did not verify it further.

  (*) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30178

Any issues with the CVE assignment and/or description should be communicated to
Mitre directly.