cve-2021-46927
Vulnerability from cvelistv5
Published
2024-02-27 09:43
Modified
2024-12-19 07:31
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert
After commit 5b78ed24e8ec ("mm/pagemap: add mmap_assert_locked()
annotations to find_vma*()"), the call to get_user_pages() will trigger
the mmap assert.
static inline void mmap_assert_locked(struct mm_struct *mm)
{
lockdep_assert_held(&mm->mmap_lock);
VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm);
}
[ 62.521410] kernel BUG at include/linux/mmap_lock.h:156!
...........................................................
[ 62.538938] RIP: 0010:find_vma+0x32/0x80
...........................................................
[ 62.605889] Call Trace:
[ 62.608502] <TASK>
[ 62.610956] ? lock_timer_base+0x61/0x80
[ 62.614106] find_extend_vma+0x19/0x80
[ 62.617195] __get_user_pages+0x9b/0x6a0
[ 62.620356] __gup_longterm_locked+0x42d/0x450
[ 62.623721] ? finish_wait+0x41/0x80
[ 62.626748] ? __kmalloc+0x178/0x2f0
[ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves]
[ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves]
[ 62.639541] __x64_sys_ioctl+0x82/0xb0
[ 62.642620] do_syscall_64+0x3b/0x90
[ 62.645642] entry_SYSCALL_64_after_hwframe+0x44/0xae
Use get_user_pages_unlocked() when setting the enclave memory regions.
That's a similar pattern as mmap_read_lock() used together with
get_user_pages().
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2021-46927", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-27T15:46:16.994467Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:00.781Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T05:17:42.860Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Linux", programFiles: [ "drivers/virt/nitro_enclaves/ne_misc_dev.c", ], repo: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", vendor: "Linux", versions: [ { lessThan: "90d2beed5e753805c5eab656b8d48257638fe543", status: "affected", version: "5b78ed24e8ec48602c1d6f5a188e58d000c81e2b", versionType: "git", }, { lessThan: "3a0152b219523227c2a62a0a122cf99608287176", status: "affected", version: "5b78ed24e8ec48602c1d6f5a188e58d000c81e2b", versionType: "git", }, ], }, { defaultStatus: "affected", product: "Linux", programFiles: [ "drivers/virt/nitro_enclaves/ne_misc_dev.c", ], repo: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", vendor: "Linux", versions: [ { status: "affected", version: "5.15", }, { lessThan: "5.15", status: "unaffected", version: "0", versionType: "semver", }, { lessThanOrEqual: "5.15.*", status: "unaffected", version: "5.15.13", versionType: "semver", }, { lessThanOrEqual: "*", status: "unaffected", version: "5.16", versionType: "original_commit_for_fix", }, ], }, ], descriptions: [ { lang: "en", value: "In the Linux kernel, the following vulnerability has been resolved:\n\nnitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert\n\nAfter commit 5b78ed24e8ec (\"mm/pagemap: add mmap_assert_locked()\nannotations to find_vma*()\"), the call to get_user_pages() will trigger\nthe mmap assert.\n\nstatic inline void mmap_assert_locked(struct mm_struct *mm)\n{\n\tlockdep_assert_held(&mm->mmap_lock);\n\tVM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm);\n}\n\n[ 62.521410] kernel BUG at include/linux/mmap_lock.h:156!\n...........................................................\n[ 62.538938] RIP: 0010:find_vma+0x32/0x80\n...........................................................\n[ 62.605889] Call Trace:\n[ 62.608502] <TASK>\n[ 62.610956] ? lock_timer_base+0x61/0x80\n[ 62.614106] find_extend_vma+0x19/0x80\n[ 62.617195] __get_user_pages+0x9b/0x6a0\n[ 62.620356] __gup_longterm_locked+0x42d/0x450\n[ 62.623721] ? finish_wait+0x41/0x80\n[ 62.626748] ? __kmalloc+0x178/0x2f0\n[ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves]\n[ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves]\n[ 62.639541] __x64_sys_ioctl+0x82/0xb0\n[ 62.642620] do_syscall_64+0x3b/0x90\n[ 62.645642] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUse get_user_pages_unlocked() when setting the enclave memory regions.\nThat's a similar pattern as mmap_read_lock() used together with\nget_user_pages().", }, ], providerMetadata: { dateUpdated: "2024-12-19T07:31:58.212Z", orgId: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", shortName: "Linux", }, references: [ { url: "https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543", }, { url: "https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176", }, ], title: "nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert", x_generator: { engine: "bippy-5f407fcff5a0", }, }, }, cveMetadata: { assignerOrgId: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", assignerShortName: "Linux", cveId: "CVE-2021-46927", datePublished: "2024-02-27T09:43:56.743Z", dateReserved: "2024-02-25T13:45:52.720Z", dateUpdated: "2024-12-19T07:31:58.212Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.15.0\", \"versionEndExcluding\": \"5.15.13\", \"matchCriteriaId\": \"8CC64BCA-D219-487C-A123-4C470FE30AB2\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert\\n\\nAfter commit 5b78ed24e8ec (\\\"mm/pagemap: add mmap_assert_locked()\\nannotations to find_vma*()\\\"), the call to get_user_pages() will trigger\\nthe mmap assert.\\n\\nstatic inline void mmap_assert_locked(struct mm_struct *mm)\\n{\\n\\tlockdep_assert_held(&mm->mmap_lock);\\n\\tVM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm);\\n}\\n\\n[ 62.521410] kernel BUG at include/linux/mmap_lock.h:156!\\n...........................................................\\n[ 62.538938] RIP: 0010:find_vma+0x32/0x80\\n...........................................................\\n[ 62.605889] Call Trace:\\n[ 62.608502] <TASK>\\n[ 62.610956] ? lock_timer_base+0x61/0x80\\n[ 62.614106] find_extend_vma+0x19/0x80\\n[ 62.617195] __get_user_pages+0x9b/0x6a0\\n[ 62.620356] __gup_longterm_locked+0x42d/0x450\\n[ 62.623721] ? finish_wait+0x41/0x80\\n[ 62.626748] ? __kmalloc+0x178/0x2f0\\n[ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves]\\n[ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves]\\n[ 62.639541] __x64_sys_ioctl+0x82/0xb0\\n[ 62.642620] do_syscall_64+0x3b/0x90\\n[ 62.645642] entry_SYSCALL_64_after_hwframe+0x44/0xae\\n\\nUse get_user_pages_unlocked() when setting the enclave memory regions.\\nThat's a similar pattern as mmap_read_lock() used together with\\nget_user_pages().\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nitro_enclaves: use la llamada get_user_pages_unlocked() para manejar mmap afirmar. Despu\\u00e9s del commit 5b78ed24e8ec (\\\"mm/pagemap: agregue anotaciones mmap_assert_locked() a find_vma*()\\\"), la llamada a get_user_pages( ) activar\\u00e1 la afirmaci\\u00f3n mmap. est\\u00e1tico en l\\u00ednea void mmap_assert_locked(struct mm_struct *mm) { lockdep_assert_held(&mm->mmap_lock); VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm); } [62.521410] \\u00a1ERROR del kernel en include/linux/mmap_lock.h:156! ................................................. ......... [ 62.538938] RIP: 0010:find_vma+0x32/0x80 ................................. ................................. [ 62.605889] Seguimiento de llamadas: [ 62.608502] [ 62.610956] ? LOCK_TIMER_BASE+0x61/0x80 [62.614106] find_extend_vma+0x19/0x80 [62.617195] __get_user_pages+0x9b/0x6a0 [62.6203356] __guup_longter_locked+0x42d/0x450 [62.620356] terminar_esperar+0x41/0x80 [62.626748]? __kmalloc+0x178/0x2f0 [ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves] [ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves] [ 62.639541] __x64 _sys_ioctl+0x82/0xb0 [ 62.642620] do_syscall_64+0x3b/0x90 [ 62.645642] Entry_SYSCALL_64_after_hwframe+0x44/0xae Utilice get_user_pages_unlocked() al configurar las regiones de memoria del enclave. Es un patr\\u00f3n similar al mmap_read_lock() usado junto con get_user_pages().\"}]", id: "CVE-2021-46927", lastModified: "2024-11-21T06:34:57.133", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}", published: "2024-02-27T10:15:07.410", references: "[{\"url\": \"https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]", sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-667\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2021-46927\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-27T10:15:07.410\",\"lastModified\":\"2024-11-21T06:34:57.133\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert\\n\\nAfter commit 5b78ed24e8ec (\\\"mm/pagemap: add mmap_assert_locked()\\nannotations to find_vma*()\\\"), the call to get_user_pages() will trigger\\nthe mmap assert.\\n\\nstatic inline void mmap_assert_locked(struct mm_struct *mm)\\n{\\n\\tlockdep_assert_held(&mm->mmap_lock);\\n\\tVM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm);\\n}\\n\\n[ 62.521410] kernel BUG at include/linux/mmap_lock.h:156!\\n...........................................................\\n[ 62.538938] RIP: 0010:find_vma+0x32/0x80\\n...........................................................\\n[ 62.605889] Call Trace:\\n[ 62.608502] <TASK>\\n[ 62.610956] ? lock_timer_base+0x61/0x80\\n[ 62.614106] find_extend_vma+0x19/0x80\\n[ 62.617195] __get_user_pages+0x9b/0x6a0\\n[ 62.620356] __gup_longterm_locked+0x42d/0x450\\n[ 62.623721] ? finish_wait+0x41/0x80\\n[ 62.626748] ? __kmalloc+0x178/0x2f0\\n[ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves]\\n[ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves]\\n[ 62.639541] __x64_sys_ioctl+0x82/0xb0\\n[ 62.642620] do_syscall_64+0x3b/0x90\\n[ 62.645642] entry_SYSCALL_64_after_hwframe+0x44/0xae\\n\\nUse get_user_pages_unlocked() when setting the enclave memory regions.\\nThat's a similar pattern as mmap_read_lock() used together with\\nget_user_pages().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nitro_enclaves: use la llamada get_user_pages_unlocked() para manejar mmap afirmar. Después del commit 5b78ed24e8ec (\\\"mm/pagemap: agregue anotaciones mmap_assert_locked() a find_vma*()\\\"), la llamada a get_user_pages( ) activará la afirmación mmap. estático en línea void mmap_assert_locked(struct mm_struct *mm) { lockdep_assert_held(&mm->mmap_lock); VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm); } [62.521410] ¡ERROR del kernel en include/linux/mmap_lock.h:156! ................................................. ......... [ 62.538938] RIP: 0010:find_vma+0x32/0x80 ................................. ................................. [ 62.605889] Seguimiento de llamadas: [ 62.608502] [ 62.610956] ? LOCK_TIMER_BASE+0x61/0x80 [62.614106] find_extend_vma+0x19/0x80 [62.617195] __get_user_pages+0x9b/0x6a0 [62.6203356] __guup_longter_locked+0x42d/0x450 [62.620356] terminar_esperar+0x41/0x80 [62.626748]? __kmalloc+0x178/0x2f0 [ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves] [ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves] [ 62.639541] __x64 _sys_ioctl+0x82/0xb0 [ 62.642620] do_syscall_64+0x3b/0x90 [ 62.645642] Entry_SYSCALL_64_after_hwframe+0x44/0xae Utilice get_user_pages_unlocked() al configurar las regiones de memoria del enclave. Es un patrón similar al mmap_read_lock() usado junto con get_user_pages().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15.0\",\"versionEndExcluding\":\"5.15.13\",\"matchCriteriaId\":\"8CC64BCA-D219-487C-A123-4C470FE30AB2\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}", }, }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.