Bug 2266594 (CVE-2021-47018) - CVE-2021-47018 kernel: ensure definition of the fixmap area is in a limit
Summary: CVE-2021-47018 kernel: ensure definition of the fixmap area is in a limit
Keywords:
Status: NEW
Alias: CVE-2021-47018
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2266596
Blocks: 2266587
TreeView+ depends on / blocked
 
Reported: 2024-02-28 12:44 UTC by Rohit Keshri
Modified: 2024-06-18 18:49 UTC (History)
50 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. The fixmap area that was defined for the PPC64 architecture was invalid.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Rohit Keshri 2024-02-28 12:44:08 UTC
In the Linux kernel, the following vulnerability has been resolved:

powerpc/64: Fix the definition of the fixmap area

At the time being, the fixmap area is defined at the top of
the address space or just below KASAN.

This definition is not valid for PPC64.

For PPC64, use the top of the I/O space.

Because of circular dependencies, it is not possible to include
asm/fixmap.h in asm/book3s/64/pgtable.h , so define a fixed size
AREA at the top of the I/O space for fixmap and ensure during
build that the size is big enough.

https://git.kernel.org/stable/c/4b9fb2c9039a206d37f215936a4d5bee7b1bf9cd
https://git.kernel.org/stable/c/9ccba66d4d2aff9a3909aa77d57ea8b7cc166f3c
https://git.kernel.org/stable/c/a84df7c80bdac598d6ac9268ae578da6928883e8
https://git.kernel.org/stable/c/abb07dc5e8b61ab7b1dde20dd73aa01a3aeb183f

Comment 1 Rohit Keshri 2024-02-28 12:47:24 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2266596]

Comment 3 Justin M. Forbes 2024-02-28 18:49:50 UTC
This was fixed for Fedora with the 5.12.4 stable kernel update.


Note You need to log in before you can comment on or make changes to this bug.