CVE-2021-47389 : In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: f

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sev_decommission in sev_receive_start DECOMMISSION the current SEV context if binding an ASID fails after RECEIVE_START. Per AMD's SEV API, RECEIVE_START generates a new guest context and thus needs to be paired with DECOMMISSION: The RECEIVE_START command is the only command other than the LAUNCH_START command that generates a new guest context and guest handle. The missing DECOMMISSION can result in subsequent SEV launch failures, as the firmware leaks memory and might not able to allocate more SEV guest contexts in the future. Note, LAUNCH_START suffered the same bug, but was previously fixed by commit 934002cd660b ("KVM: SVM: Call SEV Guest Decommission if ASID binding fails").

Published 2024-05-21 15:15:24

Updated 2025-04-02 14:52:16

Source Linux

View at NVD, CVE.org

Products affected by CVE-2021-47389

Linux » Linux Kernel
Versions from including (>=) 5.13 and before (<) 5.14.10
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC1
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC2
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC3
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47389

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47389

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.1	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	2.5	2.5	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-07-03
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: Low

CWE ids for CVE-2021-47389

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2021-47389

https://git.kernel.org/stable/c/efd7866e114dcb44f86d151e843f8276b7efbc67

KVM: SVM: fix missing sev_decommission in sev_receive_start - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/f1815e0aa770f2127c5df31eb5c2f0e37b60fa77

KVM: SVM: fix missing sev_decommission in sev_receive_start - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47389

Products affected by CVE-2021-47389

Exploit prediction scoring system (EPSS) score for CVE-2021-47389

CVSS scores for CVE-2021-47389

CWE ids for CVE-2021-47389

References for CVE-2021-47389