{ "id": "CVE-2021-47463", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-22T07:15:11.193", "lastModified": "2025-01-15T18:31:45.747", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/secretmem: fix NULL page->mapping dereference in page_is_secretmem()\n\nCheck for a NULL page->mapping before dereferencing the mapping in\npage_is_secretmem(), as the page's mapping can be nullified while gup()\nis running, e.g. by reclaim or truncation.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000068\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 6 PID: 4173897 Comm: CPU 3/KVM Tainted: G W\n RIP: 0010:internal_get_user_pages_fast+0x621/0x9d0\n Code: <48> 81 7a 68 80 08 04 bc 0f 85 21 ff ff 8 89 c7 be\n RSP: 0018:ffffaa90087679b0 EFLAGS: 00010046\n RAX: ffffe3f37905b900 RBX: 00007f2dd561e000 RCX: ffffe3f37905b934\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffe3f37905b900\n ...\n CR2: 0000000000000068 CR3: 00000004c5898003 CR4: 00000000001726e0\n Call Trace:\n get_user_pages_fast_only+0x13/0x20\n hva_to_pfn+0xa9/0x3e0\n try_async_pf+0xa1/0x270\n direct_page_fault+0x113/0xad0\n kvm_mmu_page_fault+0x69/0x680\n vmx_handle_exit+0xe1/0x5d0\n kvm_arch_vcpu_ioctl_run+0xd81/0x1c70\n kvm_vcpu_ioctl+0x267/0x670\n __x64_sys_ioctl+0x83/0xa0\n do_syscall_64+0x56/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae" }, { "lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/secretmem: corrige la p\u00e1gina NULL->desreferencia de mapeo en page_is_secretmem() Verifique si hay una p\u00e1gina NULL->mapping antes de desreferenciar el mapeo en page_is_secretmem(), ya que el mapeo de la p\u00e1gina puede ser anulado mientras se ejecuta gup(), por ejemplo, mediante recuperaci\u00f3n o truncamiento. ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 00000000000000068 #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Ups: 0000 [#1] PREEMPT SMP NOPTI CPU: 6 PID: 4173897 Comunicaciones: CPU 3/KVM contaminada: GW RIP: 0010:internal_get_user_pages_fast+0x621/0x9d0 C\u00f3digo: <48> 81 7a 68 80 08 04 bc 0f 85 21 ff ff 8 89 c7 be RSP: ffffaa90087679 b0 EFLAGS: 00010046 RAX: ffffe3f37905b900 RBX: 00007f2dd561e000 RCX: ffffe3f37905b934 RDX: 0000000000000000 RSI: 00000000000000000 RDI: ffffe3f37905b900 ... CR2: 0000068 CR3: 00000004c5898003 CR4: 00000000001726e0 Seguimiento de llamadas: get_user_pages_fast_only+0x13/0x20 hva_to_pfn+0xa9/0x3e0 try_async_pf+0xa1/0x270 direct_page_fault+0x113/ 0xad0 kvm_mmu_page_fault+0x69/0x680 vmx_handle_exit+0xe1/0x5d0 kvm_arch_vcpu_ioctl_run+0xd81/0x1c70 kvm_vcpu_ioctl+0x267/0x670 __x64_sys_ioctl+0x83/0xa0 scall_64+0x56/0x80 entrada_SYSCALL_64_after_hwframe+0x44/0xae" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-476" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.14.15", "matchCriteriaId": "7B0C1B4E-5CC9-4DDA-BCEF-02A0A22BBE53" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*", "matchCriteriaId": "AF55383D-4DF2-45DC-93F7-571F4F978EAB" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*", "matchCriteriaId": "9E9481B2-8AA6-4CBD-B5D3-C10F51FF6D01" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:*", "matchCriteriaId": "EBD45831-4B79-42BC-ABC0-86870F0DEA89" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/79f9bc5843142b649575f887dccdf1c07ad75c20", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/b77ba1e02345bafd703f0d407bdbd88c3be1f767", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/79f9bc5843142b649575f887dccdf1c07ad75c20", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/b77ba1e02345bafd703f0d407bdbd88c3be1f767", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] } ] }