{"timestamp":"2024-04-12T16:35:56.915589Z","id":"CVE-2021-47214","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/hugetlb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c7b1850dfb41d0b4154aca8dbc04777fbd75616f","lessThan":"b5069d44e2fbc4a9093d005b3ef0949add3dd27e","versionType":"git","status":"affected"},{"version":"c7b1850dfb41d0b4154aca8dbc04777fbd75616f","lessThan":"cc30042df6fcc82ea18acf0dace831503e60a0b7","versionType":"git","status":"affected"},{"version":"515b6124df6a84c957c5cc6bb6e8309dae7b1e9c","versionType":"git","status":"affected"},{"version":"5.13.13","lessThan":"5.14","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/hugetlb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.14","status":"affected"},{"version":"0","lessThan":"5.14","versionType":"semver","status":"unaffected"},{"version":"5.15.5","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"5.16","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401

OR
          *cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.14 up to (excluding) 5.15.5
          *cpe:2.3:o:linux:linux_kernel:5.13.13:*:*:*:*:*:*:*

CVE: https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e Types: Patch

CVE: https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7 Types: Patch

kernel.org: https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e Types: Patch

kernel.org: https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7 Types: Patch

https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e

https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7

In the Linux kernel, the following vulnerability has been resolved:

hugetlb, userfaultfd: fix reservation restore on userfaultfd error

Currently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we
bail out using "goto out_release_unlock;" in the cases where idx >=
size, or !huge_pte_none(), the code will detect that new_pagecache_page
== false, and so call restore_reserve_on_error().  In this case I see
restore_reserve_on_error() delete the reservation, and the following
call to remove_inode_hugepages() will increment h->resv_hugepages
causing a 100% reproducible leak.

We should treat the is_continue case similar to adding a page into the
pagecache and set new_pagecache_page to true, to indicate that there is
no reservation to restore on the error path, and we need not call
restore_reserve_on_error().  Rename new_pagecache_page to
page_in_pagecache to make that clear.

kernel.org https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e [No types assigned]

kernel.org https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7 [No types assigned]