Resource Injection Affecting kernel-rt-debug-devel package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS8-KERNELRTDEBUGDEVEL-6983048
- published 22 May 2024
- disclosed 21 May 2024
Introduced: 21 May 2024
CVE-2021-47389 Open this link in a new tabHow to fix?
There is no fixed version for Centos:8
kernel-rt-debug-devel
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-rt-debug-devel
package and not the kernel-rt-debug-devel
package as distributed by Centos
.
See How to fix?
for Centos:8
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
KVM: SVM: fix missing sev_decommission in sev_receive_start
DECOMMISSION the current SEV context if binding an ASID fails after RECEIVE_START. Per AMD's SEV API, RECEIVE_START generates a new guest context and thus needs to be paired with DECOMMISSION:
The RECEIVE_START command is the only command other than the LAUNCH_START
command that generates a new guest context and guest handle.
The missing DECOMMISSION can result in subsequent SEV launch failures, as the firmware leaks memory and might not able to allocate more SEV guest contexts in the future.
Note, LAUNCH_START suffered the same bug, but was previously fixed by commit 934002cd660b ("KVM: SVM: Call SEV Guest Decommission if ASID binding fails").