Bugzilla – Bug 1193187
VUL-0: CVE-2021-4032: kernel-source-azure,kernel-source-rt,kernel-source: kvm: mishandling of memory error during VCPU construction can lead to DoS
Last modified: 2021-11-29 17:07:20 UTC
rh#2027403 In the Linux kernel before 5.15, the KVM subsystem can crash the kernel due to the mishandling of a memory error that happened during VCPU construction, which allows an attacker to cause a denial of service. When the failed allocation was detected and the error path was taken, the cleanup ran in arch/x86/kvm/lapic.c kvm_free_lapic(). However, a bad jump can happen in static_branch_slow_dec_deferred(), because the error was taken before the apic_hw_disabled jump label was set. The apic_base is initialized before the error, so it needs to undo things that were never done.
References:
https://lkml.org/lkml/2021/9/8/587
https://bugzilla.redhat.com/show_bug.cgi?id=2027403
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4032
No SLE-* or cve/linux-* branches are affected. Already fixed in stable and master.
Bug introduced in: https://github.com/torvalds/linux/commit/421221234ada41b4a9f0beeb08e30b07388bd4bd
Fixed in: https://github.com/torvalds/linux/commit/f7d8a19f9a056a05c5c509fa65af472a322abfee
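The description above boils down to an error-path cleanup that decides what to undo from object state that was initialized before the failure, rather than from what was actually done, and so decrements a use-counted jump label that was never incremented. The following is an added toy model of that pattern in user-space C; it is not kernel code and not the upstream fix. toy_key (standing in for a deferred static key), toy_vcpu, HW_ENABLE (standing in for the APIC enable bit), and the construct/free_apic/set_base helpers are all invented for this example. The "fixed" variant shows one general way to keep the count balanced: the object's state claims "nothing to undo" until the undoable step has actually happened.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Added illustration only, not kernel code. All names are invented here:
 * toy_key models a use-counted deferred static key, toy_vcpu a vCPU with an
 * APIC base register, HW_ENABLE the hardware-enable bit in that register. */
#define HW_ENABLE 0x800ul

struct toy_key {
    int count;       /* vCPUs currently counted as "hw disabled" */
    bool underflow;  /* set if a decrement was attempted at count 0 */
};

struct toy_vcpu {
    void *apic;               /* NULL until the APIC object is allocated */
    unsigned long apic_base;  /* HW_ENABLE set == APIC enabled */
};

static void key_inc(struct toy_key *k) { k->count++; }

static void key_dec(struct toy_key *k)
{
    if (k->count <= 0) {   /* the "bad jump": undoing what was never done */
        k->underflow = true;
        return;
    }
    k->count--;
}

/* Guest-visible transition: the key counts only enable<->disable changes. */
static void set_base(struct toy_vcpu *v, struct toy_key *k, unsigned long nb)
{
    bool was_on = v->apic_base & HW_ENABLE, now_on = nb & HW_ENABLE;
    if (was_on && !now_on) key_inc(k);
    if (!was_on && now_on) key_dec(k);
    v->apic_base = nb;
}

/* Teardown reasons from apic_base alone, as in the bug description. */
static void free_apic(struct toy_vcpu *v, struct toy_key *k)
{
    if (!v->apic) return;
    if (!(v->apic_base & HW_ENABLE))
        key_dec(k);
    free(v->apic);
    v->apic = NULL;
}

/* Two-step construction: allocate, then "reset". fail_between injects a
 * failure between the steps, modelling a later allocation failing during
 * vCPU construction. created_enabled selects the fixed behaviour: the APIC
 * is marked enabled as soon as it exists, so teardown has nothing to undo. */
static int construct(struct toy_vcpu *v, struct toy_key *k,
                     bool created_enabled, bool fail_between)
{
    v->apic = malloc(64);
    if (!v->apic) return -1;
    v->apic_base = created_enabled ? HW_ENABLE : 0;
    if (fail_between) {
        free_apic(v, k);             /* error path */
        return -1;
    }
    if (created_enabled)
        set_base(v, k, HW_ENABLE);   /* no transition, key untouched */
    else
        v->apic_base = HW_ENABLE;    /* open-coded enable, key untouched */
    return 0;
}

/* Returns true if the buggy variant underflows the key on the error path. */
bool buggy_path_underflows(void)
{
    struct toy_key k = {0};
    struct toy_vcpu v = {0};
    construct(&v, &k, false, true);
    return k.underflow;
}

/* Returns true if the fixed variant keeps the key balanced on the error path. */
bool fixed_path_balanced(void)
{
    struct toy_key k = {0};
    struct toy_vcpu v = {0};
    construct(&v, &k, true, true);
    return !k.underflow && k.count == 0;
}

/* Returns true if a guest that disables its APIC and is then destroyed
 * leaves the count balanced: exactly one increment, exactly one decrement. */
bool fixed_guest_disable_balanced(void)
{
    struct toy_key k = {0};
    struct toy_vcpu v = {0};
    if (construct(&v, &k, true, false)) return false;
    set_base(&v, &k, 0);          /* guest clears the enable bit: count 1 */
    bool counted = (k.count == 1);
    free_apic(&v, &k);            /* teardown undoes exactly that increment */
    return counted && k.count == 0 && !k.underflow;
}

int main(void)
{
    printf("buggy error path underflows key: %s\n", buggy_path_underflows() ? "yes" : "no");
    printf("fixed error path balanced:       %s\n", fixed_path_balanced() ? "yes" : "no");
    printf("fixed guest-disable balanced:    %s\n", fixed_guest_disable_balanced() ? "yes" : "no");
    return 0;
}
```

The model flags the underflow instead of corrupting state, so the three checks can be run as plain assertions; in the kernel the same mismatch surfaces as a warning or crash from the jump-label code rather than a clean error return.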