Linux Kernel up to 5.10.45/5.12.12 __fpu__restore_sig initialization

Summaryinfo

A vulnerability marked as problematic has been reported in Linux Kernel up to 5.10.45/5.12.12. The affected element is the function __fpu__restore_sig. This manipulation causes initialization. This vulnerability is handled as CVE-2021-47227. There is not any exploit available. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability was found in Linux Kernel up to 5.10.45/5.12.12. It has been declared as problematic. Affected by this vulnerability is the function __fpu__restore_sig. The manipulation with an unknown input leads to a initialization vulnerability. The CWE definition for the vulnerability is CWE-665. The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. The impact remains unknown. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Prevent state corruption in __fpu__restore_sig() The non-compacted slowpath uses __copy_from_user() and copies the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain entirely invalid state on which XRSTOR will #GP. validate_user_xstate_header() can detect some of that corruption, but that leaves the onus on callers to clear the buffer. Prior to XSAVES support, it was possible just to reinitialize the buffer, completely, but with supervisor states that is not longer possible as the buffer clearing code split got it backwards. Fixing that is possible but not corrupting the state in the first place is more robust. Avoid corruption of the kernel XSAVE buffer by using copy_user_to_xstate() which validates the XSAVE header contents before copying the actual states to the kernel. copy_user_to_xstate() was previously only called for compacted-format kernel buffers, but it works for both compacted and non-compacted forms. Using it for the non-compacted form is slower because of multiple __copy_from_user() operations, but that cost is less important than robust code in an already slow path. [ Changelog polished by Dave Hansen ]

The advisory is shared at git.kernel.org. This vulnerability is known as CVE-2021-47227 since 04/10/2024. Technical details are known, but no exploit is available.

Upgrading to version 5.10.46 or 5.12.13 eliminates this vulnerability. Applying the patch 076f732b16a5/ec25ea1f3f05/484cea4f362e is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 5.10.0
• 5.10.1
• 5.10.2
• 5.10.3
• 5.10.4
• 5.10.5
• 5.10.6
• 5.10.7
• 5.10.8
• 5.10.9
• 5.10.10
• 5.10.11
• 5.10.12
• 5.10.13
• 5.10.14
• 5.10.15
• 5.10.16
• 5.10.17
• 5.10.18
• 5.10.19
• 5.10.20
• 5.10.21
• 5.10.22
• 5.10.23
• 5.10.24
• 5.10.25
• 5.10.26
• 5.10.27
• 5.10.28
• 5.10.29
• 5.10.30
• 5.10.31
• 5.10.32
• 5.10.33
• 5.10.34
• 5.10.35
• 5.10.36
• 5.10.37
• 5.10.38
• 5.10.39
• 5.10.40
• 5.10.41
• 5.10.42
• 5.10.43
• 5.10.44
• 5.10.45
• 5.12.0
• 5.12.1
• 5.12.2
• 5.12.3
• 5.12.4
• 5.12.5
• 5.12.6
• 5.12.7
• 5.12.8
• 5.12.9
• 5.12.10
• 5.12.11
• 5.12.12

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion