Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2021-47019

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/02/2024
Last modified:
08/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mt76: mt7921: fix possible invalid register access<br /> <br /> Disable the interrupt and synchronze for the pending irq handlers to ensure<br /> the irq tasklet is not being scheduled after the suspend to avoid the<br /> possible invalid register access acts when the host pcie controller is<br /> suspended.<br /> <br /> [17932.910534] mt7921e 0000:01:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 21375 usecs<br /> [17932.910590] pcieport 0000:00:00.0: calling pci_pm_suspend+0x0/0x22c @ 18565, parent: pci0000:00<br /> [17932.910602] pcieport 0000:00:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 8 usecs<br /> [17932.910671] mtk-pcie 11230000.pcie: calling platform_pm_suspend+0x0/0x60 @ 22783, parent: soc<br /> [17932.910674] mtk-pcie 11230000.pcie: platform_pm_suspend+0x0/0x60 returned 0 after 0 usecs<br /> <br /> ...<br /> <br /> 17933.615352] x1 : 00000000000d4200 x0 : ffffff8269ca2300<br /> [17933.620666] Call trace:<br /> [17933.623127] mt76_mmio_rr+0x28/0xf0 [mt76]<br /> [17933.627234] mt7921_rr+0x38/0x44 [mt7921e]<br /> [17933.631339] mt7921_irq_tasklet+0x54/0x1d8 [mt7921e]<br /> [17933.636309] tasklet_action_common+0x12c/0x16c<br /> [17933.640754] tasklet_action+0x24/0x2c<br /> [17933.644418] __do_softirq+0x16c/0x344<br /> [17933.648082] irq_exit+0xa8/0xac<br /> [17933.651224] scheduler_ipi+0xd4/0x148<br /> [17933.654890] handle_IPI+0x164/0x2d4<br /> [17933.658379] gic_handle_irq+0x140/0x178<br /> [17933.662216] el1_irq+0xb8/0x180<br /> [17933.665361] cpuidle_enter_state+0xf8/0x204<br /> [17933.669544] cpuidle_enter+0x38/0x4c<br /> [17933.673122] do_idle+0x1a4/0x2a8<br /> [17933.676352] cpu_startup_entry+0x24/0x28<br /> [17933.680276] rest_init+0xd4/0xe0<br /> [17933.683508] arch_call_rest_init+0x10/0x18<br /> [17933.687606] start_kernel+0x340/0x3b4<br /> [17933.691279] Code: aa0003f5 d503201f f953eaa8 8b344108 (b9400113)<br /> [17933.697373] ---[ end trace a24b8e26ffbda3c5 ]---<br /> [17933.767846] Kernel panic - not syncing: Fatal exception in interrupt

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.12 (including) 5.12.4 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools