CVE-2021-47110

HIGH

Linux Kernel < 5.4.125 - Incomplete Cleanup in KVM Clock Shutdown

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corruption e.g. on restore from hibernate. Note, writing '0' to kvmclock MSR doesn't clear memory location, it just prevents hypervisor from updating the location so for the short while after write and while CPU is still alive, the clock remains usable and correct so we don't need to switch to some other clocksource.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/9084fe1b3572664ad276f427dce575f580c9799a

Patch

https://git.kernel.org/stable/c/3b0becf8b1ecf642a9edaf4c9628ffc641e490d6

Patch

https://git.kernel.org/stable/c/1df2dc09926f61319116c80ee85701df33577d70

Patch

https://git.kernel.org/stable/c/c02027b5742b5aa804ef08a4a9db433295533046

Scores

CVSS v3 7.1

EPSS 0.0024

EPSS Percentile 15.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-459

Status published

Products (12)

Linux/Linux < 2.6.26

Linux/Linux 1e977aa12dd4f80688b1f243762212e75c6d7fe8 - 1df2dc09926f61319116c80ee85701df33577d70

Linux/Linux 1e977aa12dd4f80688b1f243762212e75c6d7fe8 - 3b0becf8b1ecf642a9edaf4c9628ffc641e490d6

Linux/Linux 1e977aa12dd4f80688b1f243762212e75c6d7fe8 - 9084fe1b3572664ad276f427dce575f580c9799a

Linux/Linux 1e977aa12dd4f80688b1f243762212e75c6d7fe8 - c02027b5742b5aa804ef08a4a9db433295533046

Linux/Linux 2.6.26

Linux/Linux 5.10.43 - 5.10.*

Linux/Linux 5.12.10 - 5.12.*

Linux/Linux 5.13

Linux/Linux 5.4.125 - 5.4.*

... and 2 more

Published Mar 15, 2024

Tracked Since Feb 18, 2026