mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
20 lines
2.0 KiB
Markdown
20 lines
2.0 KiB
Markdown
### [CVE-2021-46927](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46927)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Description
|
|
|
|
In the Linux kernel, the following vulnerability has been resolved:nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assertAfter commit 5b78ed24e8ec ("mm/pagemap: add mmap_assert_locked()annotations to find_vma*()"), the call to get_user_pages() will triggerthe mmap assert.static inline void mmap_assert_locked(struct mm_struct *mm){ lockdep_assert_held(&mm->mmap_lock); VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm);}[ 62.521410] kernel BUG at include/linux/mmap_lock.h:156!...........................................................[ 62.538938] RIP: 0010:find_vma+0x32/0x80...........................................................[ 62.605889] Call Trace:[ 62.608502] <TASK>[ 62.610956] ? lock_timer_base+0x61/0x80[ 62.614106] find_extend_vma+0x19/0x80[ 62.617195] __get_user_pages+0x9b/0x6a0[ 62.620356] __gup_longterm_locked+0x42d/0x450[ 62.623721] ? finish_wait+0x41/0x80[ 62.626748] ? __kmalloc+0x178/0x2f0[ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves][ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves][ 62.639541] __x64_sys_ioctl+0x82/0xb0[ 62.642620] do_syscall_64+0x3b/0x90[ 62.645642] entry_SYSCALL_64_after_hwframe+0x44/0xaeUse get_user_pages_unlocked() when setting the enclave memory regions.That's a similar pattern as mmap_read_lock() used together withget_user_pages().
|
|
|
|
### POC
|
|
|
|
#### Reference
|
|
No PoCs from references.
|
|
|
|
#### Github
|
|
- https://github.com/fkie-cad/nvd-json-data-feeds
|
|
|