vulnerability

Debian: CVE-2021-47389: linux -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:L/Au:N/C:N/I:P/A:P)	05/21/2024	07/30/2024	02/20/2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:P/A:P)

Published

05/21/2024

Added

07/30/2024

Modified

02/20/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: fix missing sev_decommission in sev_receive_start

DECOMMISSION the current SEV context if binding an ASID fails after
RECEIVE_START. Per AMD's SEV API, RECEIVE_START generates a new guest
context and thus needs to be paired with DECOMMISSION:

The RECEIVE_START command is the only command other than the LAUNCH_START
command that generates a new guest context and guest handle.

The missing DECOMMISSION can result in subsequent SEV launch failures,
as the firmware leaks memory and might not able to allocate more SEV
guest contexts in the future.

Note, LAUNCH_START suffered the same bug, but was previously fixed by
commit 934002cd660b ("KVM: SVM: Call SEV Guest Decommission if ASID
binding fails").

Solution

debian-upgrade-linux

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today