CVE-2021-47430

LOW EPSS 12.0%
Published May 21, 20242y ago · Modified Jun 17, 20262w ago
3.3 CVSS 3.1
Low
Find Similar
Published May 21, 2024 2y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n Commit 3c73b81a9164 ("x86/entry, selftests: Further improve user entry sanity checks") added a warning if AC is set when in the kernel. Commit 662a0221893a3d ("x86/entry: Fix AC assertion") changed the warning to only fire if the CPU supports SMAP. However, the warning can still trigger on a machine that supports SMAP but where it's disabled in the kernel config and when running the syscall_nt selftest, for example: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 49 at irqentry_enter_from_user_mode CPU: 0 PID: 49 Comm: init Tainted: G T 5.15.0-rc4+ #98 e6202628ee053b4f310759978284bd8bb0ce6905 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 RIP: 0010:irqentry_enter_from_user_mode ... Call Trace: ? irqentry_enter ? exc_general_protection ? asm_exc_general_protection ? asm_exc_general_protectio IS_ENABLED(CONFIG_X86_SMAP) could be added to the warning condition, but even this would not be enough in case SMAP is disabled at boot time with the "nosmap" parameter. To be consistent with "nosmap" behaviour, clear X86_FEATURE_SMAP when !CONFIG_X86_SMAP. Found using entry-fuzz + satrandconfig. [ bp: Massage commit message. ]

CVSS Details

Base Score
3.3
Exploitability
1.8
Impact
1.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability Low

Threat Intelligence

EPSS Exploit Probability
12.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥5.8.1  –  <5.10.73
linuxlinux_kernel*≥5.11  –  <5.14.12
linuxlinux_kernel5.8any
linuxlinux_kernel5.8any
linuxlinux_kernel5.8any
linuxlinux_kernel5.8any
linuxlinux_kernel5.8any
linuxlinux_kernel5.15any
linuxlinux_kernel5.15any
linuxlinux_kernel5.15any
linuxlinux_kernel5.15any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/3958b9c34c2729597e182cc606cc43942fd19f7c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4e9ec1c65da98c293f75d83755dfa5e03075a6d0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f2447f6587b8ffe42ba04d14ce67d429a1163e5e
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3958b9c34c2729597e182cc606cc43942fd19f7c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4e9ec1c65da98c293f75d83755dfa5e03075a6d0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f2447f6587b8ffe42ba04d14ce67d429a1163e5e
    Patch