Bug 1193187 (CVE-2021-4032)

Summary: VUL-0: CVE-2021-4032: kernel-source-azure,kernel-source-rt,kernel-source: kvm: mishandling of memory error during VCPU construction can lead to DoS
Product: [Novell Products] SUSE Security Incidents
Reporter: Carlos López <carlos.lopez>
Component: Incidents
Assignee: Kernel Bugs <kernel-bugs>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/315980/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Carlos López 2021-11-29 17:00:08 UTC
rh#2027403

In the Linux kernel before 5.15, the KVM subsystem can crash the kernel due to the mishandling of a memory error that happens during VCPU construction, which allows an attacker to cause a denial of service. When the failed allocation is detected and the error path is taken, kvm_free_lapic() in arch/x86/kvm/lapic.c is called to clean up. There, a bad jump can happen in static_branch_slow_dec_deferred(), because the error path is reached before the apic_hw_disabled jump label was incremented: apic_base is initialized before the error, so the cleanup tries to undo things that were never done.
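The failure mode described above, as an added example that is not kernel code and not part of this bug report: a small C model in which a plain counter stands in for the enable count behind the apic_hw_disabled static key, an APICBASE_ENABLE bit models the APIC-enable bit in apic_base, and the struct and function names are constructed. The buggy cleanup decides whether to decrement from apic_base (written before the failing allocation) and so underflows; the guarded variant only undoes a step the constructor actually recorded.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed model: one counter stands in for the enable count behind the
 * apic_hw_disabled static key. A decrement must only follow a matching increment. */
static int apic_hw_disabled_count;

#define APICBASE_ENABLE (1u << 11)   /* model of the APIC-enable bit in apic_base (assumed) */

struct lapic_model {
    uint64_t apic_base;      /* written early, before the key is touched */
    char *regs;              /* the allocation that is assumed to fail */
    bool key_accounted;      /* guarded variant: records that the increment happened */
};

/* Cleanup as the description characterises the buggy error path: it infers
 * "the key was incremented" from apic_base, which was initialised before the
 * failing allocation, so it undoes an increment that never ran. */
static int free_lapic_buggy(struct lapic_model *apic)
{
    if (!(apic->apic_base & APICBASE_ENABLE))
        apic_hw_disabled_count--;        /* unmatched decrement: count goes to -1 */
    free(apic->regs);
    return apic_hw_disabled_count;
}

/* Guarded cleanup: only undo state the constructor actually established. */
static int free_lapic_guarded(struct lapic_model *apic)
{
    if (apic->key_accounted)
        apic_hw_disabled_count--;
    free(apic->regs);
    return apic_hw_disabled_count;
}

/* Simulates vCPU construction where the register-page allocation fails right
 * after apic_base is set and before the static key would have been incremented.
 * Returns the counter after cleanup: 0 is balanced, negative is the bug. */
static int construct_then_fail(bool guarded)
{
    struct lapic_model apic = { .apic_base = 0, .regs = NULL, .key_accounted = false };

    apic_hw_disabled_count = 0;
    apic.apic_base = 0xfee00000ULL;      /* constructed reset value, ENABLE bit clear */
    /* allocation failure here: regs stays NULL, key never incremented */
    return guarded ? free_lapic_guarded(&apic) : free_lapic_buggy(&apic);
}
```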

References:
https://lkml.org/lkml/2021/9/8/587
https://bugzilla.redhat.com/show_bug.cgi?id=2027403
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4032

Comment 1 Carlos López 2021-11-29 17:07:20 UTC
No SLE-* or cve/linux-* branches are affected. Already fixed in stable and master.

Bug introduced in:
https://github.com/torvalds/linux/commit/421221234ada41b4a9f0beeb08e30b07388bd4bd

Fixed in:
https://github.com/torvalds/linux/commit/f7d8a19f9a056a05c5c509fa65af472a322abfee