SecuritySpace - CVE-2021-47554

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2021-47554

Description: In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: avoid putting an uninitialized iova_domain The system will crash if we put an uninitialized iova_domain, this could happen when an error occurs before initializing the iova_domain in vdpasim_create(). BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:__cpuhp_state_remove_instance+0x96/0x1c0 ... Call Trace: put_iova_domain+0x29/0x220 vdpasim_free+0xd1/0x120 [vdpa_sim] vdpa_release_dev+0x21/0x40 [vdpa] device_release+0x33/0x90 kobject_release+0x63/0x160 vdpasim_create+0x127/0x2a0 [vdpa_sim] vdpasim_net_dev_add+0x7d/0xfe [vdpa_sim_net] vdpa_nl_cmd_dev_add_set_doit+0xe1/0x1a0 [vdpa] genl_family_rcv_msg_doit+0x112/0x140 genl_rcv_msg+0xdf/0x1d0 ... So we must make sure the iova_domain is already initialized before put it. In addition, we may get the following warning in this case: WARNING: ... drivers/iommu/iova.c:344 iova_cache_put+0x58/0x70 So we must make sure the iova_cache_put() is invoked only if the iova_cache_get() is already invoked. Let's fix it together.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2021-47554
https://git.kernel.org/stable/c/bb93ce4b150dde79f58e34103cbd1fe829796649
https://git.kernel.org/stable/c/bb93ce4b150dde79f58e34103cbd1fe829796649
https://git.kernel.org/stable/c/e4d58ac67e63727aa45a4a26185876f598e8b3dd
https://git.kernel.org/stable/c/e4d58ac67e63727aa45a4a26185876f598e8b3dd

CVE ID:	CVE-2021-47554
Description:	In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: avoid putting an uninitialized iova_domain The system will crash if we put an uninitialized iova_domain, this could happen when an error occurs before initializing the iova_domain in vdpasim_create(). BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:__cpuhp_state_remove_instance+0x96/0x1c0 ... Call Trace: put_iova_domain+0x29/0x220 vdpasim_free+0xd1/0x120 [vdpa_sim] vdpa_release_dev+0x21/0x40 [vdpa] device_release+0x33/0x90 kobject_release+0x63/0x160 vdpasim_create+0x127/0x2a0 [vdpa_sim] vdpasim_net_dev_add+0x7d/0xfe [vdpa_sim_net] vdpa_nl_cmd_dev_add_set_doit+0xe1/0x1a0 [vdpa] genl_family_rcv_msg_doit+0x112/0x140 genl_rcv_msg+0xdf/0x1d0 ... So we must make sure the iova_domain is already initialized before put it. In addition, we may get the following warning in this case: WARNING: ... drivers/iommu/iova.c:344 iova_cache_put+0x58/0x70 So we must make sure the iova_cache_put() is invoked only if the iova_cache_get() is already invoked. Let's fix it together.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2021-47554 https://git.kernel.org/stable/c/bb93ce4b150dde79f58e34103cbd1fe829796649 https://git.kernel.org/stable/c/bb93ce4b150dde79f58e34103cbd1fe829796649 https://git.kernel.org/stable/c/e4d58ac67e63727aa45a4a26185876f598e8b3dd https://git.kernel.org/stable/c/e4d58ac67e63727aa45a4a26185876f598e8b3dd