CVE-2021-47228

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47228
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47228.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-47228
Related
Published
2024-05-21T15:15:12Z
Modified
2024-10-31T15:35:03Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/ioremap: Map EFI-reserved memory as encrypted for SEV

Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efimemreserve() is used to preserve it by inserting a new EFI memory descriptor and marking it with the EFIMEMORYRUNTIME attribute.

Under SEV, memory marked with the EFIMEMORYRUNTIME attribute needs to be mapped encrypted by Linux, otherwise the kernel might crash at boot like below:

EFI Variables Facility v0.08 2004-May-17 general protection fault, probably for non-canonical address 0x3597688770a868b2: 0000 [#1] SMP NOPTI CPU: 13 PID: 1 Comm: swapper/0 Not tainted 5.12.4-2-default #1 openSUSE Tumbleweed Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:efimokvarentrynext [...] Call Trace: efimokvarsysfsinit ? efimokvartableinit dooneinitcall ? _kmalloc kernelinitfreeable ? restinit kernelinit retfromfork

Expand the _ioremapcheck_other() function to additionally check for this other type of boot data reserved at runtime and indicate that it should be mapped encrypted for an SEV guest.

[ bp: Massage commit message. ]

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}