DEBIAN-CVE-2021-47389

DEBIAN-CVE-2021-47389 PUBLISHED CVSS 5.099999904632568 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sev_decommission in sev_receive_start DECOMMISSION the current SEV context if binding an ASID fails after RECEIVE_START. Per AMD's SEV API, RECEIVE_START generates a new guest context and thus needs to be paired with DECOMMISSION: The RECEIVE_START command is the only command other than the LAUNCH_START command that generates a new guest context and guest handle. The missing DECOMMISSION can result in subsequent SEV launch failures, as the firmware leaks memory and might not able to allocate more SEV guest contexts in the future. Note, LAUNCH_START suffered the same bug, but was previously fixed by commit 934002cd660b ("KVM: SVM: Call SEV Guest Decommission if ASID binding fails").

Risk Scores

CVSS 3.1

5.099999904632568

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products

Vendor	Product	Versions
Debian:12	linux	0, 0, 0
Debian:13	linux	0, 0, 0
Debian:14	linux	0, 0, 0

Timeline

May 21, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-47389 advisory

Open in Interactive Console →