Bug 1193187 - (CVE-2021-4032) VUL-0: CVE-2021-4032: kernel-source-azure,kernel-source-rt,kernel-source: kvm: mishandling of memory error during VCPU construction can lead to DoS
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P5 - None
Severity: Normal
Target Milestone: ---
Assigned To: Kernel Bugs
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/315980/
Reported: 2021-11-29 17:00 UTC by Carlos López
Modified: 2021-11-29 17:07 UTC (History)

Found By: Security Response Team


Description Carlos López 2021-11-29 17:00:08 UTC
rh#2027403

In the Linux kernel before 5.15, the KVM subsystem can crash the kernel due to the mishandling of a memory error that happened during VCPU construction, which allows an attacker to cause a denial of service. When the failed allocation was detected and the error path was taken, cleanup went through kvm_free_lapic() in arch/x86/kvm/lapic.c. However, a bad jump can happen in static_branch_slow_dec_deferred(), because the error was taken before the apic_hw_disabled jump label was set. The apic_base is initialized before the error, so it needs to undo things that were never done.

References:
https://lkml.org/lkml/2021/9/8/587
https://bugzilla.redhat.com/show_bug.cgi?id=2027403
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4032
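The mechanism the description sketches (an error path that decrements the apic_hw_disabled jump label although the matching increment never ran, because apic_base was already written) is easier to see in a small model. The program below is an added illustration and is not kernel code, not the upstream fix, and not a transcription of lapic.c: a signed counter stands in for the refcount behind the static key so that an unbalanced decrement becomes a counted underflow instead of a bad jump, the allocation order and the "fixed" ordering are assumptions chosen to reproduce the reported shape of the bug, and model_alloc(), model_create_lapic(), model_free_lapic(), run_cycle() and key_balance() are names invented here. The names apic_hw_disabled, static_branch_slow_dec_deferred and apic_base are taken from the report. The authoritative fix is the commit linked in comment 1.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model, not kernel code: a counter replaces the refcount behind the
 * apic_hw_disabled static key, so a decrement with no matching increment is
 * recorded as an underflow rather than reaching the jump-label machinery. */
struct static_key {
	int enabled;    /* outstanding increments */
	int underflows; /* decrements that had nothing to undo */
};

static struct static_key apic_hw_disabled;

static void static_branch_inc(struct static_key *k)
{
	k->enabled++;
}

/* Stand-in for static_branch_slow_dec_deferred(): counts an unbalanced dec. */
static void static_branch_slow_dec_deferred(struct static_key *k)
{
	if (k->enabled <= 0) {
		k->underflows++;
		return;
	}
	k->enabled--;
}

#define APICBASE_ENABLE (1UL << 11) /* hw-enable bit of IA32_APIC_BASE */

struct lapic { unsigned char *regs; };
struct vcpu { unsigned long apic_base; struct lapic *apic; };

/* Fault injection (assumed): allocations that succeed before one returns NULL. */
static int allocs_before_fail;

static void *model_alloc(size_t n)
{
	if (allocs_before_fail-- <= 0)
		return NULL;
	return calloc(1, n);
}

/* Teardown shared by the normal and the error path. An APIC whose ENABLE bit
 * is clear is assumed to hold a reference on the key, so it is dropped here. */
static void model_free_lapic(struct vcpu *v)
{
	struct lapic *apic = v->apic;

	if (!apic)
		return;
	if (!(v->apic_base & APICBASE_ENABLE))
		static_branch_slow_dec_deferred(&apic_hw_disabled);
	free(apic->regs);
	free(apic);
	v->apic = NULL;
}

/* Construction. Buggy ordering (assumed for illustration): apic_base is
 * written before the allocations, so when the second allocation fails,
 * model_free_lapic() sees a "disabled" APIC and decrements a key that
 * static_branch_inc() has not touched yet. The fixed ordering leaves
 * apic_base in the "enabled, no reference held" state until the increment
 * has really been taken. */
static int model_create_lapic(struct vcpu *v, bool fixed)
{
	struct lapic *apic;

	v->apic_base = fixed ? APICBASE_ENABLE : 0;

	apic = model_alloc(sizeof(*apic));
	if (!apic)
		return -ENOMEM;
	v->apic = apic;

	apic->regs = model_alloc(4096);
	if (!apic->regs)
		goto nomem;

	/* The APIC starts hw-disabled: take the reference, then record the state. */
	static_branch_inc(&apic_hw_disabled);
	v->apic_base = 0;
	return 0;

nomem:
	model_free_lapic(v);
	return -ENOMEM;
}

/* One create/free cycle with a NULL injected after 'allocs_before' successful
 * allocations; returns the number of unbalanced decrements it produced. */
static int run_cycle(bool fixed, int allocs_before)
{
	struct vcpu v;

	memset(&v, 0, sizeof(v));
	memset(&apic_hw_disabled, 0, sizeof(apic_hw_disabled));
	allocs_before_fail = allocs_before;
	if (model_create_lapic(&v, fixed) == 0)
		model_free_lapic(&v);
	return apic_hw_disabled.underflows;
}

/* Outstanding increments after the last cycle; 0 means the key is balanced. */
static int key_balance(void)
{
	return apic_hw_disabled.enabled;
}

int main(void)
{
	printf("buggy order, 2nd alloc fails: underflows=%d\n", run_cycle(false, 1));
	printf("fixed order, 2nd alloc fails: underflows=%d\n", run_cycle(true, 1));
	printf("fixed order, no failure:      underflows=%d balance=%d\n",
	       run_cycle(true, 2), key_balance());
	return 0;
}
```

The point of the model is the invariant a reviewer would check on any error path: the teardown must only undo state that setup has actually established. Here the "undo" is keyed on apic_base, so apic_base must not advertise a reference before the increment that backs it has run; the same check applies to any refcount, lock or static key released from a `goto err` label.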
Comment 1 Carlos López 2021-11-29 17:07:20 UTC
No SLE-* or cve/linux-* branches are affected. Already fixed in stable and master.

Bug introduced in:
https://github.com/torvalds/linux/commit/421221234ada41b4a9f0beeb08e30b07388bd4bd

Fixed in:
https://github.com/torvalds/linux/commit/f7d8a19f9a056a05c5c509fa65af472a322abfee