1224852 – (CVE-2021-47227) VUL-0: CVE-2021-47227: kernel: x86/fpu: Prevent state corruption in __fpu__restore_sig()

Bug 1224852 (CVE-2021-47227) - VUL-0: CVE-2021-47227: kernel: x86/fpu: Prevent state corruption in __fpu__restore_sig()

Summary: VUL-0: CVE-2021-47227: kernel: x86/fpu: Prevent state corruption in __fpu__re...

Status:	RESOLVED FIXED

Alias:	CVE-2021-47227

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/406853/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-47227:5.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-05-22 08:10 UTC by SMASH SMASH
Modified:	2024-06-24 20:32 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-05-22 08:10:07 UTC

In the Linux kernel, the following vulnerability has been resolved:

x86/fpu: Prevent state corruption in __fpu__restore_sig()

The non-compacted slowpath uses __copy_from_user() and copies the entire
user buffer into the kernel buffer, verbatim.  This means that the kernel
buffer may now contain entirely invalid state on which XRSTOR will #GP.
validate_user_xstate_header() can detect some of that corruption, but that
leaves the onus on callers to clear the buffer.

Prior to XSAVES support, it was possible just to reinitialize the buffer,
completely, but with supervisor states that is not longer possible as the
buffer clearing code split got it backwards. Fixing that is possible but
not corrupting the state in the first place is more robust.

Avoid corruption of the kernel XSAVE buffer by using copy_user_to_xstate()
which validates the XSAVE header contents before copying the actual states
to the kernel. copy_user_to_xstate() was previously only called for
compacted-format kernel buffers, but it works for both compacted and
non-compacted forms.

Using it for the non-compacted form is slower because of multiple
__copy_from_user() operations, but that cost is less important than robust
code in an already slow path.

[ Changelog polished by Dave Hansen ]

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47227
https://www.cve.org/CVERecord?id=CVE-2021-47227
https://git.kernel.org/stable/c/076f732b16a5bf842686e1b43ab6021a2d98233e
https://git.kernel.org/stable/c/484cea4f362e1eeb5c869abbfb5f90eae6421b38
https://git.kernel.org/stable/c/ec25ea1f3f05d6f8ee51d1277efea986eafd4f2a
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47227.mbox

Comment 2 Michal Hocko 2024-05-23 16:00:24 UTC

nothing to be done

Comment 5 Gabriele Sonnu 2024-06-07 13:36:22 UTC

All done, closing.

Comment 7 Maintenance Automation 2024-06-12 20:31:43 UTC

SUSE-SU-2024:2010-1: An update that solves 186 vulnerabilities and has 27 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1151927, 1152472, 1154353, 1156395, 1174585, 1176447, 1176774, 1176869, 1178134, 1181147, 1184631, 1185589, 1185902, 1186885, 1188616, 1188772, 1189883, 1190795, 1191452, 1192107, 1194288, 1194591, 1196956, 1197760, 1198029, 1199304, 1200619, 1203389, 1206646, 1209657, 1210335, 1210629, 1213476, 1215420, 1216702, 1217169, 1220137, 1220144, 1220754, 1220877, 1220960, 1221044, 1221113, 1221829, 1222251, 1222619, 1222838, 1222867, 1223084, 1223138, 1223384, 1223390, 1223512, 1223626, 1223715, 1223932, 1223934, 1224099, 1224174, 1224438, 1224482, 1224511, 1224592, 1224816, 1224826, 1224830, 1224831, 1224832, 1224834, 1224841, 1224842, 1224843, 1224844, 1224846, 1224849, 1224852, 1224853, 1224854, 1224859, 1224882, 1224886, 1224888, 1224889, 1224891, 1224892, 1224893, 1224899, 1224904, 1224907, 1224909, 1224916, 1224917, 1224922, 1224923, 1224924, 1224926, 1224928, 1224953, 1224954, 1224955, 1224957, 1224961, 1224963, 1224965, 1224966, 1224968, 1224981, 1224982, 1224983, 1224984, 1224987, 1224990, 1224993, 1224996, 1224997, 1225026, 1225030, 1225058, 1225060, 1225083, 1225084, 1225091, 1225112, 1225113, 1225128, 1225140, 1225143, 1225148, 1225155, 1225164, 1225177, 1225178, 1225181, 1225192, 1225193, 1225198, 1225201, 1225206, 1225207, 1225208, 1225214, 1225223, 1225224, 1225230, 1225232, 1225233, 1225237, 1225238, 1225243, 1225244, 1225247, 1225251, 1225252, 1225256, 1225261, 1225262, 1225263, 1225301, 1225303, 1225316, 1225318, 1225320, 1225321, 1225322, 1225326, 1225327, 1225328, 1225330, 1225333, 1225336, 1225341, 1225346, 1225351, 1225354, 1225355, 1225357, 1225358, 1225360, 1225361, 1225366, 1225367, 1225369, 1225370, 1225372, 1225374, 1225384, 1225386, 1225387, 1225390, 1225393, 1225400, 1225404, 1225405, 1225409, 1225411, 1225424, 1225427, 1225435, 1225437, 1225438, 1225439, 1225446, 1225447, 1225448, 1225450, 1225453, 1225455, 1225468, 1225499, 1225500, 1225508, 1225534
CVE References: CVE-2020-36788, CVE-2021-3743, CVE-2021-39698, CVE-2021-43056, CVE-2021-47104, CVE-2021-47192, CVE-2021-47200, CVE-2021-47220, CVE-2021-47227, CVE-2021-47228, CVE-2021-47229, CVE-2021-47230, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47239, CVE-2021-47240, CVE-2021-47241, CVE-2021-47246, CVE-2021-47252, CVE-2021-47253, CVE-2021-47254, CVE-2021-47255, CVE-2021-47258, CVE-2021-47259, CVE-2021-47260, CVE-2021-47261, CVE-2021-47263, CVE-2021-47265, CVE-2021-47267, CVE-2021-47269, CVE-2021-47270, CVE-2021-47274, CVE-2021-47275, CVE-2021-47276, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47289, CVE-2021-47296, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47314, CVE-2021-47315, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47329, CVE-2021-47330, CVE-2021-47332, CVE-2021-47333, CVE-2021-47334, CVE-2021-47337, CVE-2021-47338, CVE-2021-47340, CVE-2021-47341, CVE-2021-47343, CVE-2021-47344, CVE-2021-47347, CVE-2021-47348, CVE-2021-47350, CVE-2021-47353, CVE-2021-47354, CVE-2021-47356, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47381, CVE-2021-47382, CVE-2021-47383, CVE-2021-47387, CVE-2021-47388, CVE-2021-47391, CVE-2021-47392, CVE-2021-47393, CVE-2021-47395, CVE-2021-47396, CVE-2021-47399, CVE-2021-47402, CVE-2021-47404, CVE-2021-47405, CVE-2021-47409, CVE-2021-47413, CVE-2021-47416, CVE-2021-47422, CVE-2021-47423, CVE-2021-47424, CVE-2021-47425, CVE-2021-47426, CVE-2021-47428, CVE-2021-47431, CVE-2021-47434, CVE-2021-47435, CVE-2021-47436, CVE-2021-47441, CVE-2021-47442, CVE-2021-47443, CVE-2021-47444, CVE-2021-47445, CVE-2021-47451, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47464, CVE-2021-47465, CVE-2021-47468, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47482, CVE-2021-47483, CVE-2021-47485, CVE-2021-47493, CVE-2021-47494, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47498, CVE-2021-47499, CVE-2021-47500, CVE-2021-47501, CVE-2021-47502, CVE-2021-47503, CVE-2021-47505, CVE-2021-47506, CVE-2021-47507, CVE-2021-47509, CVE-2021-47511, CVE-2021-47512, CVE-2021-47516, CVE-2021-47518, CVE-2021-47521, CVE-2021-47522, CVE-2021-47523, CVE-2021-47527, CVE-2021-47535, CVE-2021-47536, CVE-2021-47538, CVE-2021-47540, CVE-2021-47541, CVE-2021-47542, CVE-2021-47549, CVE-2021-47557, CVE-2021-47562, CVE-2021-47563, CVE-2021-47565, CVE-2022-1195, CVE-2022-20132, CVE-2022-48636, CVE-2022-48673, CVE-2022-48704, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-2176, CVE-2023-4244, CVE-2023-47233, CVE-2023-52433, CVE-2023-52581, CVE-2023-52591, CVE-2023-52654, CVE-2023-52655, CVE-2023-52686, CVE-2023-52840, CVE-2023-52871, CVE-2023-52880, CVE-2023-6531, CVE-2024-26581, CVE-2024-26643, CVE-2024-26828, CVE-2024-26921, CVE-2024-26925, CVE-2024-26929, CVE-2024-26930, CVE-2024-27398, CVE-2024-27413, CVE-2024-35811, CVE-2024-35895, CVE-2024-35914
Maintenance Incident: [SUSE:Maintenance:34219](https://smelt.suse.de/incident/34219/)
Sources used:
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-source-rt-5.3.18-150300.172.1
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-source-rt-5.3.18-150300.172.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-source-rt-5.3.18-150300.172.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Maintenance Automation 2024-06-24 20:32:10 UTC

SUSE-SU-2024:2185-1: An update that solves 187 vulnerabilities and has 26 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1151927, 1152472, 1154353, 1156395, 1174585, 1176447, 1176774, 1176869, 1178134, 1181147, 1184631, 1185570, 1185589, 1185902, 1186885, 1187357, 1188616, 1188772, 1189883, 1190795, 1191452, 1192107, 1194288, 1194591, 1196956, 1197760, 1198029, 1199304, 1200619, 1203389, 1206646, 1209657, 1210335, 1210629, 1213476, 1215420, 1216702, 1217169, 1220137, 1220144, 1220754, 1220877, 1220960, 1221044, 1221113, 1221829, 1222251, 1222619, 1222838, 1222867, 1223084, 1223138, 1223384, 1223390, 1223512, 1223932, 1223934, 1224099, 1224174, 1224438, 1224482, 1224511, 1224592, 1224816, 1224826, 1224830, 1224831, 1224832, 1224834, 1224841, 1224842, 1224843, 1224844, 1224846, 1224849, 1224852, 1224853, 1224854, 1224859, 1224882, 1224886, 1224888, 1224889, 1224891, 1224892, 1224893, 1224899, 1224904, 1224907, 1224909, 1224916, 1224917, 1224922, 1224923, 1224924, 1224926, 1224928, 1224953, 1224954, 1224955, 1224957, 1224961, 1224963, 1224965, 1224966, 1224968, 1224981, 1224982, 1224983, 1224984, 1224987, 1224990, 1224993, 1224996, 1224997, 1225026, 1225030, 1225058, 1225060, 1225083, 1225084, 1225091, 1225112, 1225113, 1225128, 1225140, 1225143, 1225148, 1225155, 1225164, 1225177, 1225178, 1225181, 1225192, 1225193, 1225198, 1225201, 1225206, 1225207, 1225208, 1225214, 1225223, 1225224, 1225230, 1225232, 1225233, 1225237, 1225238, 1225243, 1225244, 1225247, 1225251, 1225252, 1225256, 1225261, 1225262, 1225263, 1225301, 1225303, 1225316, 1225318, 1225320, 1225321, 1225322, 1225326, 1225327, 1225328, 1225330, 1225333, 1225336, 1225341, 1225346, 1225351, 1225354, 1225355, 1225357, 1225358, 1225360, 1225361, 1225366, 1225367, 1225369, 1225370, 1225372, 1225374, 1225384, 1225386, 1225387, 1225390, 1225393, 1225400, 1225404, 1225405, 1225409, 1225411, 1225424, 1225427, 1225435, 1225437, 1225438, 1225439, 1225446, 1225447, 1225448, 1225450, 1225453, 1225455, 1225468, 1225499, 1225500, 1225508, 1225534
CVE References: CVE-2020-36788, CVE-2021-3743, CVE-2021-39698, CVE-2021-43056, CVE-2021-47104, CVE-2021-47192, CVE-2021-47200, CVE-2021-47220, CVE-2021-47227, CVE-2021-47228, CVE-2021-47229, CVE-2021-47230, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47239, CVE-2021-47240, CVE-2021-47241, CVE-2021-47246, CVE-2021-47252, CVE-2021-47253, CVE-2021-47254, CVE-2021-47255, CVE-2021-47258, CVE-2021-47259, CVE-2021-47260, CVE-2021-47261, CVE-2021-47263, CVE-2021-47265, CVE-2021-47267, CVE-2021-47269, CVE-2021-47270, CVE-2021-47274, CVE-2021-47275, CVE-2021-47276, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47289, CVE-2021-47296, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47314, CVE-2021-47315, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47329, CVE-2021-47330, CVE-2021-47332, CVE-2021-47333, CVE-2021-47334, CVE-2021-47337, CVE-2021-47338, CVE-2021-47340, CVE-2021-47341, CVE-2021-47343, CVE-2021-47344, CVE-2021-47347, CVE-2021-47348, CVE-2021-47350, CVE-2021-47353, CVE-2021-47354, CVE-2021-47356, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47381, CVE-2021-47382, CVE-2021-47383, CVE-2021-47387, CVE-2021-47388, CVE-2021-47391, CVE-2021-47392, CVE-2021-47393, CVE-2021-47395, CVE-2021-47396, CVE-2021-47399, CVE-2021-47402, CVE-2021-47404, CVE-2021-47405, CVE-2021-47409, CVE-2021-47413, CVE-2021-47416, CVE-2021-47422, CVE-2021-47423, CVE-2021-47424, CVE-2021-47425, CVE-2021-47426, CVE-2021-47428, CVE-2021-47431, CVE-2021-47434, CVE-2021-47435, CVE-2021-47436, CVE-2021-47441, CVE-2021-47442, CVE-2021-47443, CVE-2021-47444, CVE-2021-47445, CVE-2021-47451, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47464, CVE-2021-47465, CVE-2021-47468, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47482, CVE-2021-47483, CVE-2021-47485, CVE-2021-47493, CVE-2021-47494, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47498, CVE-2021-47499, CVE-2021-47500, CVE-2021-47501, CVE-2021-47502, CVE-2021-47503, CVE-2021-47505, CVE-2021-47506, CVE-2021-47507, CVE-2021-47509, CVE-2021-47511, CVE-2021-47512, CVE-2021-47516, CVE-2021-47518, CVE-2021-47521, CVE-2021-47522, CVE-2021-47523, CVE-2021-47527, CVE-2021-47535, CVE-2021-47536, CVE-2021-47538, CVE-2021-47540, CVE-2021-47541, CVE-2021-47542, CVE-2021-47549, CVE-2021-47557, CVE-2021-47562, CVE-2021-47563, CVE-2021-47565, CVE-2022-1195, CVE-2022-20132, CVE-2022-48636, CVE-2022-48673, CVE-2022-48704, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-2176, CVE-2023-424, CVE-2023-4244, CVE-2023-47233, CVE-2023-52433, CVE-2023-52581, CVE-2023-52591, CVE-2023-52654, CVE-2023-52655, CVE-2023-52686, CVE-2023-52840, CVE-2023-52871, CVE-2023-52880, CVE-2023-6531, CVE-2024-26581, CVE-2024-26643, CVE-2024-26828, CVE-2024-26921, CVE-2024-26925, CVE-2024-26929, CVE-2024-26930, CVE-2024-27398, CVE-2024-27413, CVE-2024-35811, CVE-2024-35895, CVE-2024-35914
Maintenance Incident: [SUSE:Maintenance:34168](https://smelt.suse.de/incident/34168/)
Sources used:
openSUSE Leap 15.3 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-syms-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-livepatch-SLE15-SP3_Update_45-1-150300.7.3.1, kernel-source-5.3.18-150300.59.164.1, kernel-obs-qa-5.3.18-150300.59.164.1
SUSE Linux Enterprise Live Patching 15-SP3 (src):
 kernel-livepatch-SLE15-SP3_Update_45-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-source-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-syms-5.3.18-150300.59.164.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-source-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-syms-5.3.18-150300.59.164.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-source-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-syms-5.3.18-150300.59.164.1
SUSE Enterprise Storage 7.1 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-source-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-syms-5.3.18-150300.59.164.1
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.