CVE-2021-47430

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47430
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47430.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47430
Related
Published
2024-05-21T15:15:28Z
Modified
2024-09-11T04:41:10.808603Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/entry: Clear X86FEATURESMAP when CONFIGX86SMAP=n

Commit

3c73b81a9164 ("x86/entry, selftests: Further improve user entry sanity checks")

added a warning if AC is set when in the kernel.

Commit

662a0221893a3d ("x86/entry: Fix AC assertion")

changed the warning to only fire if the CPU supports SMAP.

However, the warning can still trigger on a machine that supports SMAP but where it's disabled in the kernel config and when running the syscall_nt selftest, for example:

------------[ cut here ]------------ WARNING: CPU: 0 PID: 49 at irqentryenterfromusermode CPU: 0 PID: 49 Comm: init Tainted: G T 5.15.0-rc4+ #98 e6202628ee053b4f310759978284bd8bb0ce6905 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 RIP: 0010:irqentryenterfromusermode ... Call Trace: ? irqentryenter ? excgeneralprotection ? asmexcgeneralprotection ? asmexcgeneral_protectio

ISENABLED(CONFIGX86_SMAP) could be added to the warning condition, but even this would not be enough in case SMAP is disabled at boot time with the "nosmap" parameter.

To be consistent with "nosmap" behaviour, clear X86FEATURESMAP when !CONFIGX86SMAP.

Found using entry-fuzz + satrandconfig.

[ bp: Massage commit message. ]

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.84-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}