cve-2021-46927
Vulnerability from cvelistv5
Published
2024-02-27 09:43
Modified
2024-12-19 07:31
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert After commit 5b78ed24e8ec ("mm/pagemap: add mmap_assert_locked() annotations to find_vma*()"), the call to get_user_pages() will trigger the mmap assert. static inline void mmap_assert_locked(struct mm_struct *mm) { lockdep_assert_held(&mm->mmap_lock); VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm); } [ 62.521410] kernel BUG at include/linux/mmap_lock.h:156! ........................................................... [ 62.538938] RIP: 0010:find_vma+0x32/0x80 ........................................................... [ 62.605889] Call Trace: [ 62.608502] <TASK> [ 62.610956] ? lock_timer_base+0x61/0x80 [ 62.614106] find_extend_vma+0x19/0x80 [ 62.617195] __get_user_pages+0x9b/0x6a0 [ 62.620356] __gup_longterm_locked+0x42d/0x450 [ 62.623721] ? finish_wait+0x41/0x80 [ 62.626748] ? __kmalloc+0x178/0x2f0 [ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves] [ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves] [ 62.639541] __x64_sys_ioctl+0x82/0xb0 [ 62.642620] do_syscall_64+0x3b/0x90 [ 62.645642] entry_SYSCALL_64_after_hwframe+0x44/0xae Use get_user_pages_unlocked() when setting the enclave memory regions. That's a similar pattern as mmap_read_lock() used together with get_user_pages().
Impacted products
Vendor Product Version
Linux Linux Version: 5.15
Show details on NVD website


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-46927",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-02-27T15:46:16.994467Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-05T17:22:00.781Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T05:17:42.860Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Linux",
               programFiles: [
                  "drivers/virt/nitro_enclaves/ne_misc_dev.c",
               ],
               repo: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
               vendor: "Linux",
               versions: [
                  {
                     lessThan: "90d2beed5e753805c5eab656b8d48257638fe543",
                     status: "affected",
                     version: "5b78ed24e8ec48602c1d6f5a188e58d000c81e2b",
                     versionType: "git",
                  },
                  {
                     lessThan: "3a0152b219523227c2a62a0a122cf99608287176",
                     status: "affected",
                     version: "5b78ed24e8ec48602c1d6f5a188e58d000c81e2b",
                     versionType: "git",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "Linux",
               programFiles: [
                  "drivers/virt/nitro_enclaves/ne_misc_dev.c",
               ],
               repo: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
               vendor: "Linux",
               versions: [
                  {
                     status: "affected",
                     version: "5.15",
                  },
                  {
                     lessThan: "5.15",
                     status: "unaffected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "5.15.*",
                     status: "unaffected",
                     version: "5.15.13",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "*",
                     status: "unaffected",
                     version: "5.16",
                     versionType: "original_commit_for_fix",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In the Linux kernel, the following vulnerability has been resolved:\n\nnitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert\n\nAfter commit 5b78ed24e8ec (\"mm/pagemap: add mmap_assert_locked()\nannotations to find_vma*()\"), the call to get_user_pages() will trigger\nthe mmap assert.\n\nstatic inline void mmap_assert_locked(struct mm_struct *mm)\n{\n\tlockdep_assert_held(&mm->mmap_lock);\n\tVM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm);\n}\n\n[   62.521410] kernel BUG at include/linux/mmap_lock.h:156!\n...........................................................\n[   62.538938] RIP: 0010:find_vma+0x32/0x80\n...........................................................\n[   62.605889] Call Trace:\n[   62.608502]  <TASK>\n[   62.610956]  ? lock_timer_base+0x61/0x80\n[   62.614106]  find_extend_vma+0x19/0x80\n[   62.617195]  __get_user_pages+0x9b/0x6a0\n[   62.620356]  __gup_longterm_locked+0x42d/0x450\n[   62.623721]  ? finish_wait+0x41/0x80\n[   62.626748]  ? __kmalloc+0x178/0x2f0\n[   62.629768]  ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves]\n[   62.635776]  ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves]\n[   62.639541]  __x64_sys_ioctl+0x82/0xb0\n[   62.642620]  do_syscall_64+0x3b/0x90\n[   62.645642]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUse get_user_pages_unlocked() when setting the enclave memory regions.\nThat's a similar pattern as mmap_read_lock() used together with\nget_user_pages().",
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-12-19T07:31:58.212Z",
            orgId: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            shortName: "Linux",
         },
         references: [
            {
               url: "https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543",
            },
            {
               url: "https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176",
            },
         ],
         title: "nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert",
         x_generator: {
            engine: "bippy-5f407fcff5a0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      assignerShortName: "Linux",
      cveId: "CVE-2021-46927",
      datePublished: "2024-02-27T09:43:56.743Z",
      dateReserved: "2024-02-25T13:45:52.720Z",
      dateUpdated: "2024-12-19T07:31:58.212Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.15.0\", \"versionEndExcluding\": \"5.15.13\", \"matchCriteriaId\": \"8CC64BCA-D219-487C-A123-4C470FE30AB2\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert\\n\\nAfter commit 5b78ed24e8ec (\\\"mm/pagemap: add mmap_assert_locked()\\nannotations to find_vma*()\\\"), the call to get_user_pages() will trigger\\nthe mmap assert.\\n\\nstatic inline void mmap_assert_locked(struct mm_struct *mm)\\n{\\n\\tlockdep_assert_held(&mm->mmap_lock);\\n\\tVM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm);\\n}\\n\\n[   62.521410] kernel BUG at include/linux/mmap_lock.h:156!\\n...........................................................\\n[   62.538938] RIP: 0010:find_vma+0x32/0x80\\n...........................................................\\n[   62.605889] Call Trace:\\n[   62.608502]  <TASK>\\n[   62.610956]  ? lock_timer_base+0x61/0x80\\n[   62.614106]  find_extend_vma+0x19/0x80\\n[   62.617195]  __get_user_pages+0x9b/0x6a0\\n[   62.620356]  __gup_longterm_locked+0x42d/0x450\\n[   62.623721]  ? finish_wait+0x41/0x80\\n[   62.626748]  ? __kmalloc+0x178/0x2f0\\n[   62.629768]  ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves]\\n[   62.635776]  ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves]\\n[   62.639541]  __x64_sys_ioctl+0x82/0xb0\\n[   62.642620]  do_syscall_64+0x3b/0x90\\n[   62.645642]  entry_SYSCALL_64_after_hwframe+0x44/0xae\\n\\nUse get_user_pages_unlocked() when setting the enclave memory regions.\\nThat's a similar pattern as mmap_read_lock() used together with\\nget_user_pages().\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nitro_enclaves: use la llamada get_user_pages_unlocked() para manejar mmap afirmar. Despu\\u00e9s del commit 5b78ed24e8ec (\\\"mm/pagemap: agregue anotaciones mmap_assert_locked() a find_vma*()\\\"), la llamada a get_user_pages( ) activar\\u00e1 la afirmaci\\u00f3n mmap. est\\u00e1tico en l\\u00ednea void mmap_assert_locked(struct mm_struct *mm) { lockdep_assert_held(&amp;mm-&gt;mmap_lock); VM_BUG_ON_MM(!rwsem_is_locked(&amp;mm-&gt;mmap_lock), mm); } [62.521410] \\u00a1ERROR del kernel en include/linux/mmap_lock.h:156! ................................................. ......... [ 62.538938] RIP: 0010:find_vma+0x32/0x80 ................................. ................................. [ 62.605889] Seguimiento de llamadas: [ 62.608502]  [ 62.610956] ? LOCK_TIMER_BASE+0x61/0x80 [62.614106] find_extend_vma+0x19/0x80 [62.617195] __get_user_pages+0x9b/0x6a0 [62.6203356] __guup_longter_locked+0x42d/0x450 [62.620356] terminar_esperar+0x41/0x80 [62.626748]? __kmalloc+0x178/0x2f0 [ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves] [ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves] [ 62.639541] __x64 _sys_ioctl+0x82/0xb0 [ 62.642620] do_syscall_64+0x3b/0x90 [ 62.645642] Entry_SYSCALL_64_after_hwframe+0x44/0xae Utilice get_user_pages_unlocked() al configurar las regiones de memoria del enclave. Es un patr\\u00f3n similar al mmap_read_lock() usado junto con get_user_pages().\"}]",
         id: "CVE-2021-46927",
         lastModified: "2024-11-21T06:34:57.133",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
         published: "2024-02-27T10:15:07.410",
         references: "[{\"url\": \"https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
         sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-667\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2021-46927\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-27T10:15:07.410\",\"lastModified\":\"2024-11-21T06:34:57.133\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert\\n\\nAfter commit 5b78ed24e8ec (\\\"mm/pagemap: add mmap_assert_locked()\\nannotations to find_vma*()\\\"), the call to get_user_pages() will trigger\\nthe mmap assert.\\n\\nstatic inline void mmap_assert_locked(struct mm_struct *mm)\\n{\\n\\tlockdep_assert_held(&mm->mmap_lock);\\n\\tVM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm);\\n}\\n\\n[   62.521410] kernel BUG at include/linux/mmap_lock.h:156!\\n...........................................................\\n[   62.538938] RIP: 0010:find_vma+0x32/0x80\\n...........................................................\\n[   62.605889] Call Trace:\\n[   62.608502]  <TASK>\\n[   62.610956]  ? lock_timer_base+0x61/0x80\\n[   62.614106]  find_extend_vma+0x19/0x80\\n[   62.617195]  __get_user_pages+0x9b/0x6a0\\n[   62.620356]  __gup_longterm_locked+0x42d/0x450\\n[   62.623721]  ? finish_wait+0x41/0x80\\n[   62.626748]  ? __kmalloc+0x178/0x2f0\\n[   62.629768]  ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves]\\n[   62.635776]  ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves]\\n[   62.639541]  __x64_sys_ioctl+0x82/0xb0\\n[   62.642620]  do_syscall_64+0x3b/0x90\\n[   62.645642]  entry_SYSCALL_64_after_hwframe+0x44/0xae\\n\\nUse get_user_pages_unlocked() when setting the enclave memory regions.\\nThat's a similar pattern as mmap_read_lock() used together with\\nget_user_pages().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nitro_enclaves: use la llamada get_user_pages_unlocked() para manejar mmap afirmar. Después del commit 5b78ed24e8ec (\\\"mm/pagemap: agregue anotaciones mmap_assert_locked() a find_vma*()\\\"), la llamada a get_user_pages( ) activará la afirmación mmap. estático en línea void mmap_assert_locked(struct mm_struct *mm) { lockdep_assert_held(&amp;mm-&gt;mmap_lock); VM_BUG_ON_MM(!rwsem_is_locked(&amp;mm-&gt;mmap_lock), mm); } [62.521410] ¡ERROR del kernel en include/linux/mmap_lock.h:156! ................................................. ......... [ 62.538938] RIP: 0010:find_vma+0x32/0x80 ................................. ................................. [ 62.605889] Seguimiento de llamadas: [ 62.608502]  [ 62.610956] ? LOCK_TIMER_BASE+0x61/0x80 [62.614106] find_extend_vma+0x19/0x80 [62.617195] __get_user_pages+0x9b/0x6a0 [62.6203356] __guup_longter_locked+0x42d/0x450 [62.620356] terminar_esperar+0x41/0x80 [62.626748]? __kmalloc+0x178/0x2f0 [ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves] [ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves] [ 62.639541] __x64 _sys_ioctl+0x82/0xb0 [ 62.642620] do_syscall_64+0x3b/0x90 [ 62.645642] Entry_SYSCALL_64_after_hwframe+0x44/0xae Utilice get_user_pages_unlocked() al configurar las regiones de memoria del enclave. Es un patrón similar al mmap_read_lock() usado junto con get_user_pages().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15.0\",\"versionEndExcluding\":\"5.15.13\",\"matchCriteriaId\":\"8CC64BCA-D219-487C-A123-4C470FE30AB2\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
   },
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.