{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T18:57:13.412","vulnerabilities":[{"cve":{"id":"CVE-2021-47228","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-05-21T15:15:12.250","lastModified":"2025-04-29T19:49:34.467","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/ioremap: Map EFI-reserved memory as encrypted for SEV\n\nSome drivers require memory that is marked as EFI boot services\ndata. In order for this memory to not be re-used by the kernel\nafter ExitBootServices(), efi_mem_reserve() is used to preserve it\nby inserting a new EFI memory descriptor and marking it with the\nEFI_MEMORY_RUNTIME attribute.\n\nUnder SEV, memory marked with the EFI_MEMORY_RUNTIME attribute needs to\nbe mapped encrypted by Linux, otherwise the kernel might crash at boot\nlike below:\n\n  EFI Variables Facility v0.08 2004-May-17\n  general protection fault, probably for non-canonical address 0x3597688770a868b2: 0000 [#1] SMP NOPTI\n  CPU: 13 PID: 1 Comm: swapper/0 Not tainted 5.12.4-2-default #1 openSUSE Tumbleweed\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n  RIP: 0010:efi_mokvar_entry_next\n  [...]\n  Call Trace:\n   efi_mokvar_sysfs_init\n   ? efi_mokvar_table_init\n   do_one_initcall\n   ? __kmalloc\n   kernel_init_freeable\n   ? rest_init\n   kernel_init\n   ret_from_fork\n\nExpand the __ioremap_check_other() function to additionally check for\nthis other type of boot data reserved at runtime and indicate that it\nshould be mapped encrypted for an SEV guest.\n\n [ bp: Massage commit message. ]"},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: x86/ioremap: asigne la memoria reservada de EFI como cifrada para SEV. Algunos controladores requieren memoria marcada como datos de servicios de arranque de EFI. Para que el kernel no reutilice esta memoria después de ExitBootServices(), se utiliza efi_mem_reserve() para preservarla insertando un nuevo descriptor de memoria EFI y marcándolo con el atributo EFI_MEMORY_RUNTIME. En SEV, la memoria marcada con el atributo EFI_MEMORY_RUNTIME debe ser asignada cifrada por Linux; de lo contrario, el kernel podría fallar en el arranque como se muestra a continuación: EFI Variables Facility v0.08 2004-May-17 falla de protección general, probablemente para la dirección no canónica 0x3597688770a868b2: 0000 [#1] SMP NOPTI CPU: 13 PID: 1 Comm: swapper/0 No contaminado 5.12.4-2-default #1 openSUSE Tumbleweed Nombre del hardware: PC estándar QEMU (Q35 + ICH9, 2009), BIOS 0.0.0 02 /06/2015 RIP: 0010:efi_mokvar_entry_next [...] Seguimiento de llamadas: efi_mokvar_sysfs_init? efi_mokvar_table_init do_one_initcall? __kmalloc kernel_init_freeable? rest_init kernel_init ret_from_fork Expanda la función __ioremap_check_other() para verificar adicionalmente este otro tipo de datos de arranque reservados en tiempo de ejecución e indicar que deben asignarse cifrados para un invitado SEV. [pb: mensaje de confirmación de masaje. ]"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.10.46","matchCriteriaId":"FD0C8733-D75B-4E30-9D46-CFE48CF2CC1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.12.13","matchCriteriaId":"7806E7E5-6D4F-4E18-81C1-79B3C60EE855"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*","matchCriteriaId":"0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*","matchCriteriaId":"96AC23B2-D46A-49D9-8203-8E1BEDCA8532"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*","matchCriteriaId":"DA610E30-717C-4700-9F77-A3C9244F3BFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*","matchCriteriaId":"1ECD33F5-85BE-430B-8F86-8D7BD560311D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*","matchCriteriaId":"CF351855-2437-4CF5-AD7C-BDFA51F27683"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*","matchCriteriaId":"25A855BA-2118-44F2-90EF-EBBB12AF51EF"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/208bb686e7fa7fff16e8fa78ff0db34aa9acdbd7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d651ee9c71bb12fc0c8eb2786b66cbe5aa3e43b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b7a05aba39f733ec337c5b952e112dd2dc4fc404","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/208bb686e7fa7fff16e8fa78ff0db34aa9acdbd7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d651ee9c71bb12fc0c8eb2786b66cbe5aa3e43b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b7a05aba39f733ec337c5b952e112dd2dc4fc404","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}