CVE-2021-47262

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.13.0

Description The issue is related to the KVM: x86 component of the Linux kernel, where a bug existed since the tracepoint was added, but was recently exposed by a new check in tracing to detect exactly this type of bug. The bug is caused by the fact that the tracepoint itself is defined by kvm, and if kvm-intel and/or kvm-amd are built as modules, the memory holding the string literals defined by the vendor modules will be freed when the module is unloaded, whereas the tracepoint and its data in the ring buffer will live until kvm is unloaded. This can lead to the tracepoint outliving the data/memory it consumes and deferencing stale memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.