CVE-2021-47110 in Linux
Summary
by MITRE • 03/15/2024
In the Linux kernel, the following vulnerability has been resolved:
x86/kvm: Disable kvmclock on all CPUs on shutdown
Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corruption e.g. on restore from hibernate.
Note, writing '0' to kvmclock MSR doesn't clear memory location, it just prevents hypervisor from updating the location so for the short while after write and while CPU is still alive, the clock remains usable and correct so we don't need to switch to some other clocksource.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 08/09/2025
The vulnerability described in CVE-2021-47110 resides within the Linux kernel's implementation of kernel-based virtual machine virtualization support on x86 architectures. This issue specifically affects the kvmclock functionality which provides virtualized timekeeping for virtual machines. The flaw manifests in how the kernel handles the shutdown sequence of virtual machines, particularly in the machine_shutdown() hook implementation that governs the disabling of kvmclock. The vulnerability represents a memory corruption risk that could potentially lead to system instability or data integrity issues during virtual machine lifecycle operations.
The technical root cause of this vulnerability stems from an incomplete implementation of the kvmclock shutdown mechanism. Currently, the system only disables kvmclock for the boot CPU during the machine_shutdown() hook execution, leaving other CPUs in the virtual machine unaffected. This partial shutdown creates a scenario where memory locations associated with kvmclock remain accessible and potentially writable by the hypervisor even after the shutdown process has begun. According to CWE-682, this represents a flaw in logic where the system fails to properly handle resource cleanup, and the incomplete disablement creates a window of opportunity for memory corruption during critical system transitions.
The operational impact of this vulnerability becomes particularly significant during hibernation restore operations, where the system's ability to maintain consistent timekeeping across all virtual machine CPUs becomes critical. When a virtual machine is suspended and subsequently restored, the inconsistent state of kvmclock across different CPUs can lead to memory corruption patterns that may affect system stability. The vulnerability is further exacerbated by the fact that writing '0' to the kvmclock MSR does not immediately clear the memory location but rather prevents further updates from the hypervisor. This creates a temporal gap where the clock remains functional and correct, but the underlying memory structures may be in an inconsistent state.
The mitigation strategy for this vulnerability requires implementing a comprehensive shutdown mechanism that disables kvmclock on all CPUs rather than just the boot CPU. This approach aligns with the principle of complete resource cleanup and prevents the potential memory corruption scenarios that arise from partial shutdown implementations. The fix ensures that all virtual machine CPUs properly transition to a consistent state during shutdown, eliminating the window where memory corruption could occur during hibernation restore operations. This remediation addresses the fundamental flaw in the machine_shutdown() hook implementation and provides a more robust foundation for virtual machine lifecycle management.
This vulnerability demonstrates the importance of considering all system components during shutdown sequences, particularly in virtualized environments where multiple CPUs may be involved in maintaining consistent system state. The issue highlights the need for comprehensive testing of virtualization features during critical system transitions and the importance of adhering to established security practices for resource management. From an ATT&CK perspective, this vulnerability relates to privilege escalation and system stability manipulation through improper resource handling during system state transitions. The fix ensures that virtual machine environments maintain consistent and predictable behavior during shutdown and restore operations, reducing the attack surface for potential exploitation.