CVE-2021-47060

KVM: Stop looking for coalesced MMIO zones if the bus is destroyed

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev() fails to allocate memory for the new instance of the bus. If it can't instantiate a new bus, unregister_dev() destroys all devices _except_ the target device. But, it doesn't tell the caller that it obliterated the bus and invoked the destructor for all devices that were on the bus. In the coalesced MMIO case, this can result in a deleted list entry dereference due to attempting to continue iterating on coalesced_zones after future entries (in the walk) have been deleted. Opportunistically add curly braces to the for-loop, which encompasses many lines but sneaks by without braces due to the guts being a single if statement.

6.0
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7d1bc32d6477ff96a32695ea4be8144e4513ab2d patch
https://git.kernel.org/stable/c/2a20592baff59c5351c5200ec667e1a2aa22af85 patch
https://git.kernel.org/stable/c/168e82f640ed1891a700bdb43e37da354b2ab63c patch
https://git.kernel.org/stable/c/50cbad42bfea8c052b7ca590bd4126cdc898713c patch
https://git.kernel.org/stable/c/5d3c4c79384af06e3c8e25b7770b6247496b4417 patch

Frequently Asked Questions

What is the severity of CVE-2021-47060?
CVE-2021-47060 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47060?
To fix CVE-2021-47060, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47060 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47060 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47060?
CVE-2021-47060 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.