SB2024062585 - Resource management error in Linux kernel include asm
Published: June 25, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024062585
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2021-46977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_on_user_return() function in arch/x86/kvm/x86.c, within the vmx_create_vcpu() function in arch/x86/kvm/vmx/vmx.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/31f29749ee970c251b3a7e5b914108425940d089
- https://git.kernel.org/stable/c/5adcdeb57007ccf8ab7ac20bf787ffb6fafb1a94
- https://git.kernel.org/stable/c/e3ea1895df719c4ef87862501bb10d95f4177bed
- https://git.kernel.org/stable/c/5104d7ffcf24749939bea7fdb5378d186473f890
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.38
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13