PT-2024-11236 · Linux+2 · Linux Kernel+2

Joerg Roedel · Published 2021-06-08 · Updated 2025-04-29 · CVE-2021-47228

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.10.45/5.12.12

Description

The issue arises when memory marked as EFI boot services data is not mapped as encrypted under SEV, which can crash the kernel at boot. Some drivers require this memory to be preserved after ExitBootServices(), which is done by inserting a new EFI memory descriptor and marking it with the EFI_MEMORY_RUNTIME attribute. Under SEV the kernel needs to map this memory encrypted to prevent crashes. The __ioremap_check_other() function has been expanded to check for this type of boot data reserved at runtime and indicate that it should be mapped encrypted for an SEV guest.

Recommendations

To resolve the issue, upgrade the Linux kernel to a version newer than 5.10.45/5.12.12. The upgrade includes the changes to the __ioremap_check_other() function that handle EFI-reserved memory correctly under SEV, preventing potential kernel crashes at boot.

Related Identifiers

BDU:2025-07349
CVE-2021-47228
OPENSUSE-SU-2024_2185-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2185-1

Affected Products

Astra Linux
Linux Kernel
SUSE