Unrated severityNVD Advisory· Published May 21, 2024· Updated May 4, 2025

x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n

CVE-2021-47430

Description

In the Linux kernel, the following vulnerability has been resolved:

Commit

3c73b81a9164 ("x86/entry, selftests: Further improve user entry sanity checks")

added a warning if AC is set when in the kernel.

Commit

662a0221893a3d ("x86/entry: Fix AC assertion")

changed the warning to only fire if the CPU supports SMAP.

However, the warning can still trigger on a machine that supports SMAP but where it's disabled in the kernel config and when running the syscall_nt selftest, for example:

------------[ cut here ]------------ WARNING: CPU: 0 PID: 49 at irqentry_enter_from_user_mode CPU: 0 PID: 49 Comm: init Tainted: G T 5.15.0-rc4+ #98 e6202628ee053b4f310759978284bd8bb0ce6905 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 RIP: 0010:irqentry_enter_from_user_mode ... Call Trace: ? irqentry_enter ? exc_general_protection ? asm_exc_general_protection ? asm_exc_general_protectio

IS_ENABLED(CONFIG_X86_SMAP) could be added to the warning condition, but even this would not be enough in case SMAP is disabled at boot time with the "nosmap" parameter.

To be consistent with "nosmap" behaviour, clear X86_FEATURE_SMAP when !CONFIG_X86_SMAP.

Found using entry-fuzz + satrandconfig.

[ bp: Massage commit message. ]

Affected products

100

osv-coords99 versions
pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_27&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4 pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_16&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_15&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-source&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-source&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-syms&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-syms&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Manager%20Server%204.3
< 5.14.21-150500.55.68.1+ 98 more
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1.150500.6.31.1
- (no CPE)range: < 5.14.21-150400.24.122.2.150400.24.58.2
- (no CPE)range: < 5.14.21-150400.24.122.2.150400.24.58.2
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150400.15.82.1
- (no CPE)range: < 5.14.21-150400.15.82.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 5.14.21-150400.24.122.2.150400.24.58.2
- (no CPE)range: < 5.14.21-150400.24.122.2.150400.24.58.2
- (no CPE)range: < 5.14.21-150400.24.122.2.150400.24.58.2
- (no CPE)range: < 5.14.21-150400.24.122.2.150400.24.58.2
- (no CPE)range: < 5.14.21-150500.55.68.1.150500.6.31.1
- (no CPE)range: < 5.14.21-150500.55.68.1.150500.6.31.1
- (no CPE)range: < 5.14.21-150400.24.122.2.150400.24.58.2
- (no CPE)range: < 5.14.21-150400.24.122.2.150400.24.58.2
- (no CPE)range: < 5.14.21-150400.24.122.2.150400.24.58.2
- (no CPE)range: < 5.14.21-150400.24.122.2.150400.24.58.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 1-150400.9.3.2
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150400.15.82.1
- (no CPE)range: < 5.14.21-150400.15.82.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 5.14.21-150400.24.122.1
- (no CPE)range: < 5.14.21-150400.24.122.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150400.24.122.1
- (no CPE)range: < 5.14.21-150400.24.122.1
- (no CPE)range: < 5.14.21-150400.24.122.1
- (no CPE)range: < 5.14.21-150400.24.122.1
- (no CPE)range: < 5.14.21-150400.15.82.1
- (no CPE)range: < 5.14.21-150400.15.82.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 5.14.21-150400.24.122.1
- (no CPE)range: < 5.14.21-150400.24.122.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150400.24.122.1
- (no CPE)range: < 5.14.21-150400.24.122.1
- (no CPE)range: < 5.14.21-150400.24.122.1
- (no CPE)range: < 5.14.21-150400.24.122.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150400.24.122.2
- (no CPE)range: < 5.14.21-150400.24.122.2
Linux/Linuxcpe-rescue
Range: 5.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000