Bug 1947139 (CVE-2021-30178) - CVE-2021-30178 kernel: NULL pointer dereference in synic_get function in arch/x86/kvm/hyperv.c for certain accesses to the SynIC Hyper-V context
Summary: CVE-2021-30178 kernel: NULL pointer dereference in synic_get function in arch...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-30178
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1947140 1947843
Blocks: 1947141
TreeView+ depends on / blocked
 
Reported: 2021-04-07 18:54 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-05-10 12:46 UTC (History)
48 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. A NULL pointer dereference occurs for certain accesses to the SynIC Hyper-V context. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2021-04-09 11:43:43 UTC


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-04-07 18:54:47 UTC
An issue was discovered in the Linux kernel. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context.

Reference and upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918

Comment 1 Guilherme de Almeida Suckevicz 2021-04-07 18:55:38 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1947140]

Comment 3 Salvatore Bonaccorso 2021-04-13 19:42:26 UTC
Hi,

(In reply to Guilherme de Almeida Suckevicz from comment #0)
> An issue was discovered in the Linux kernel through 5.11.11. synic_get in
> arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to
> the SynIC Hyper-V context.
> 
> Reference and upstream patch:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> ?id=919f4ebc598701670e80e31573a58f1f2d2bf918

Is this description correct? The fixing commit contains 

Fixes: 8f014550dfb1 ("KVM: x86: hyper-v: Make Hyper-V emulation enablement conditional")

but this later commit is only in 5.12-rc1 and was not backported to other stable series. Whilst the CVE description says "Linux kernel through 5.11.11.".

Where was the issue actually introduced?

Comment 4 Vitaly Kuznetsov 2021-04-14 08:37:01 UTC
(In reply to Salvatore Bonaccorso from comment #3)
> Hi,
> 
> (In reply to Guilherme de Almeida Suckevicz from comment #0)
> > An issue was discovered in the Linux kernel through 5.11.11. synic_get in
> > arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to
> > the SynIC Hyper-V context.
> > 
> > Reference and upstream patch:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> > ?id=919f4ebc598701670e80e31573a58f1f2d2bf918
> 
> Is this description correct? The fixing commit contains 
> 
> Fixes: 8f014550dfb1 ("KVM: x86: hyper-v: Make Hyper-V emulation enablement
> conditional")
> 
> but this later commit is only in 5.12-rc1 and was not backported to other
> stable series. Whilst the CVE description says "Linux kernel through
> 5.11.11.".
> 
> Where was the issue actually introduced?

The issue was introduced by 8f014550dfb1 indeed, however, I also fail to see
it in 5.11.x stable so the issue was both introduced and fixed in 5.12 (which
questions the need for CVE).

Comment 5 Guilherme de Almeida Suckevicz 2021-04-14 13:06:16 UTC
In reply to comment #3:
> Hi,
> 
> (In reply to Guilherme de Almeida Suckevicz from comment #0)
> > An issue was discovered in the Linux kernel through 5.11.11. synic_get in
> > arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to
> > the SynIC Hyper-V context.
> > 
> > Reference and upstream patch:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> > ?id=919f4ebc598701670e80e31573a58f1f2d2bf918
> 
> Is this description correct? The fixing commit contains 
> 
> Fixes: 8f014550dfb1 ("KVM: x86: hyper-v: Make Hyper-V emulation enablement
> conditional")
> 
> but this later commit is only in 5.12-rc1 and was not backported to other
> stable series. Whilst the CVE description says "Linux kernel through
> 5.11.11.".
> 
> Where was the issue actually introduced?

Apparently the affected version is not correct, this is how it was reported to Mitre.
Petr, could you please check?

Comment 6 Petr Matousek 2021-04-15 08:18:08 UTC
(In reply to Vitaly Kuznetsov from comment #4)
> (In reply to Salvatore Bonaccorso from comment #3)
<snip>
> > Where was the issue actually introduced?
> 
> The issue was introduced by 8f014550dfb1 indeed, however, I also fail to see
> it in 5.11.x stable so the issue was both introduced and fixed in 5.12 (which
> questions the need for CVE).

I second what Vitaly says. I am sorry for misleading information, I've updated our
comment #0 to remove the reference to that particular kernel version.

Please note that that description was directly taken from Mitre (*) and since it does
not affect any of the Red Hat supported products we did not verify it further.

  (*) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30178

Any issues with the CVE assignment and/or description should be communicated to
Mitre directly.


Note You need to log in before you can comment on or make changes to this bug.