cve-2021-47430
Vulnerability from cvelistv5
Published
2024-05-21 15:04
Modified
2024-12-19 07:41
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n Commit 3c73b81a9164 ("x86/entry, selftests: Further improve user entry sanity checks") added a warning if AC is set when in the kernel. Commit 662a0221893a3d ("x86/entry: Fix AC assertion") changed the warning to only fire if the CPU supports SMAP. However, the warning can still trigger on a machine that supports SMAP but where it's disabled in the kernel config and when running the syscall_nt selftest, for example: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 49 at irqentry_enter_from_user_mode CPU: 0 PID: 49 Comm: init Tainted: G T 5.15.0-rc4+ #98 e6202628ee053b4f310759978284bd8bb0ce6905 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 RIP: 0010:irqentry_enter_from_user_mode ... Call Trace: ? irqentry_enter ? exc_general_protection ? asm_exc_general_protection ? asm_exc_general_protectio IS_ENABLED(CONFIG_X86_SMAP) could be added to the warning condition, but even this would not be enough in case SMAP is disabled at boot time with the "nosmap" parameter. To be consistent with "nosmap" behaviour, clear X86_FEATURE_SMAP when !CONFIG_X86_SMAP. Found using entry-fuzz + satrandconfig. [ bp: Massage commit message. ]
Impacted products
Vendor Product Version
Linux Linux Version: 5.8
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47430",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T18:16:26.363902Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T21:23:00.189Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f2447f6587b8ffe42ba04d14ce67d429a1163e5e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4e9ec1c65da98c293f75d83755dfa5e03075a6d0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3958b9c34c2729597e182cc606cc43942fd19f7c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kernel/cpu/common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f2447f6587b8ffe42ba04d14ce67d429a1163e5e",
              "status": "affected",
              "version": "3c73b81a9164d0c1b6379d6672d2772a9e95168e",
              "versionType": "git"
            },
            {
              "lessThan": "4e9ec1c65da98c293f75d83755dfa5e03075a6d0",
              "status": "affected",
              "version": "3c73b81a9164d0c1b6379d6672d2772a9e95168e",
              "versionType": "git"
            },
            {
              "lessThan": "3958b9c34c2729597e182cc606cc43942fd19f7c",
              "status": "affected",
              "version": "3c73b81a9164d0c1b6379d6672d2772a9e95168e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kernel/cpu/common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.73",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.14.*",
              "status": "unaffected",
              "version": "5.14.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n\n\nCommit\n\n  3c73b81a9164 (\"x86/entry, selftests: Further improve user entry sanity checks\")\n\nadded a warning if AC is set when in the kernel.\n\nCommit\n\n  662a0221893a3d (\"x86/entry: Fix AC assertion\")\n\nchanged the warning to only fire if the CPU supports SMAP.\n\nHowever, the warning can still trigger on a machine that supports SMAP\nbut where it\u0027s disabled in the kernel config and when running the\nsyscall_nt selftest, for example:\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 0 PID: 49 at irqentry_enter_from_user_mode\n  CPU: 0 PID: 49 Comm: init Tainted: G                T 5.15.0-rc4+ #98 e6202628ee053b4f310759978284bd8bb0ce6905\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\n  RIP: 0010:irqentry_enter_from_user_mode\n  ...\n  Call Trace:\n   ? irqentry_enter\n   ? exc_general_protection\n   ? asm_exc_general_protection\n   ? asm_exc_general_protectio\n\nIS_ENABLED(CONFIG_X86_SMAP) could be added to the warning condition, but\neven this would not be enough in case SMAP is disabled at boot time with\nthe \"nosmap\" parameter.\n\nTo be consistent with \"nosmap\" behaviour, clear X86_FEATURE_SMAP when\n!CONFIG_X86_SMAP.\n\nFound using entry-fuzz + satrandconfig.\n\n [ bp: Massage commit message. ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T07:41:50.021Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f2447f6587b8ffe42ba04d14ce67d429a1163e5e"
        },
        {
          "url": "https://git.kernel.org/stable/c/4e9ec1c65da98c293f75d83755dfa5e03075a6d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/3958b9c34c2729597e182cc606cc43942fd19f7c"
        }
      ],
      "title": "x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47430",
    "datePublished": "2024-05-21T15:04:15.352Z",
    "dateReserved": "2024-05-21T14:58:30.829Z",
    "dateUpdated": "2024-12-19T07:41:50.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47430\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T15:15:28.400\",\"lastModified\":\"2024-11-21T06:36:07.653\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nx86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n\\n\\nCommit\\n\\n  3c73b81a9164 (\\\"x86/entry, selftests: Further improve user entry sanity checks\\\")\\n\\nadded a warning if AC is set when in the kernel.\\n\\nCommit\\n\\n  662a0221893a3d (\\\"x86/entry: Fix AC assertion\\\")\\n\\nchanged the warning to only fire if the CPU supports SMAP.\\n\\nHowever, the warning can still trigger on a machine that supports SMAP\\nbut where it\u0027s disabled in the kernel config and when running the\\nsyscall_nt selftest, for example:\\n\\n  ------------[ cut here ]------------\\n  WARNING: CPU: 0 PID: 49 at irqentry_enter_from_user_mode\\n  CPU: 0 PID: 49 Comm: init Tainted: G                T 5.15.0-rc4+ #98 e6202628ee053b4f310759978284bd8bb0ce6905\\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\\n  RIP: 0010:irqentry_enter_from_user_mode\\n  ...\\n  Call Trace:\\n   ? irqentry_enter\\n   ? exc_general_protection\\n   ? asm_exc_general_protection\\n   ? asm_exc_general_protectio\\n\\nIS_ENABLED(CONFIG_X86_SMAP) could be added to the warning condition, but\\neven this would not be enough in case SMAP is disabled at boot time with\\nthe \\\"nosmap\\\" parameter.\\n\\nTo be consistent with \\\"nosmap\\\" behaviour, clear X86_FEATURE_SMAP when\\n!CONFIG_X86_SMAP.\\n\\nFound using entry-fuzz + satrandconfig.\\n\\n [ bp: Massage commit message. ]\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86/entry: borra X86_FEATURE_SMAP cuando CONFIG_X86_SMAP=n confirmaci\u00f3n 3c73b81a9164 (\\\"x86/entry, selftests: mejora a\u00fan m\u00e1s las comprobaciones de seguridad de entrada del usuario\\\") agreg\u00f3 una advertencia si AC est\u00e1 configurado en el n\u00facleo. La confirmaci\u00f3n 662a0221893a3d (\\\"x86/entry: Reparar aserci\u00f3n de AC\\\") cambi\u00f3 la advertencia para que solo se active si la CPU admite SMAP. Sin embargo, la advertencia a\u00fan puede activarse en una m\u00e1quina que admite SMAP pero donde est\u00e1 deshabilitado en la configuraci\u00f3n del kernel y cuando se ejecuta la autoprueba syscall_nt, por ejemplo: ------------[ cortar aqu\u00ed ]--- --------- ADVERTENCIA: CPU: 0 PID: 49 en irqentry_enter_from_user_mode CPU: 0 PID: 49 Comm: init Tainted: GT 5.15.0-rc4+ #98 e6202628ee053b4f310759978284bd8bb0ce6905 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 01/04/2014 RIP: 0010:irqentry_enter_from_user_mode... Seguimiento de llamadas:? irqentry_enter? exc_general_protection? asm_exc_general_protection? Se podr\u00eda agregar asm_exc_general_protectio IS_ENABLED(CONFIG_X86_SMAP) a la condici\u00f3n de advertencia, pero incluso esto no ser\u00eda suficiente en caso de que SMAP est\u00e9 deshabilitado en el momento del arranque con el par\u00e1metro \\\"nosmap\\\". Para ser coherente con el comportamiento de \\\"nosmap\\\", borre X86_FEATURE_SMAP cuando !CONFIG_X86_SMAP. Encontrado usando Entry-fuzz + satrandconfig. [pb: mensaje de confirmaci\u00f3n de masaje. ]\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3958b9c34c2729597e182cc606cc43942fd19f7c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4e9ec1c65da98c293f75d83755dfa5e03075a6d0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f2447f6587b8ffe42ba04d14ce67d429a1163e5e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3958b9c34c2729597e182cc606cc43942fd19f7c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/4e9ec1c65da98c293f75d83755dfa5e03075a6d0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/f2447f6587b8ffe42ba04d14ce67d429a1163e5e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.