Improper Input Validation Affecting kernel-rt-kvm package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-KERNELRTKVM-6352353
- published 1 Mar 2024
- disclosed 29 Feb 2024
Introduced: 29 Feb 2024
CVE-2021-47016 Open this link in a new tabHow to fix?
There is no fixed version for Centos:7 kernel-rt-kvm.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-rt-kvm package and not the kernel-rt-kvm package as distributed by Centos.
See How to fix? for Centos:7 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
m68k: mvme147,mvme16x: Don't wipe PCC timer config bits
Don't clear the timer 1 configuration bits when clearing the interrupt flag and counter overflow. As Michael reported, "This results in no timer interrupts being delivered after the first. Initialization then hangs in calibrate_delay as the jiffies counter is not updated."
On mvme16x, enable the timer after requesting the irq, consistent with mvme147.
References
- https://access.redhat.com/security/cve/CVE-2021-47016
- https://git.kernel.org/stable/c/1dfb26df15fc7036a74221d43de7427f74293dae
- https://git.kernel.org/stable/c/43262178c043032e7c42d00de44c818ba05f9967
- https://git.kernel.org/stable/c/5d34225169346cab5145978d153b9ce90e9ace21
- https://git.kernel.org/stable/c/73fdeb612d25b5e105c219e05434285a45d23576
- https://git.kernel.org/stable/c/f6a90818a32058fca62cda3a2027a6a2364e1878