CVE-2021-47271
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/05/2024
Last modified:
04/04/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
usb: cdnsp: Fix deadlock issue in cdnsp_thread_irq_handler<br />
<br />
Patch fixes the following critical issue caused by deadlock which has been<br />
detected during testing NCM class:<br />
<br />
smp: csd: Detected non-responsive CSD lock (#1) on CPU#0<br />
smp: csd: CSD lock (#1) unresponsive.<br />
....<br />
RIP: 0010:native_queued_spin_lock_slowpath+0x61/0x1d0<br />
RSP: 0018:ffffbc494011cde0 EFLAGS: 00000002<br />
RAX: 0000000000000101 RBX: ffff9ee8116b4a68 RCX: 0000000000000000<br />
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9ee8116b4658<br />
RBP: ffffbc494011cde0 R08: 0000000000000001 R09: 0000000000000000<br />
R10: ffff9ee8116b4670 R11: 0000000000000000 R12: ffff9ee8116b4658<br />
R13: ffff9ee8116b4670 R14: 0000000000000246 R15: ffff9ee8116b4658<br />
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
CR2: 00007f7bcc41a830 CR3: 000000007a612003 CR4: 00000000001706e0<br />
Call Trace:<br />
<br />
do_raw_spin_lock+0xc0/0xd0<br />
_raw_spin_lock_irqsave+0x95/0xa0<br />
cdnsp_gadget_ep_queue.cold+0x88/0x107 [cdnsp_udc_pci]<br />
usb_ep_queue+0x35/0x110<br />
eth_start_xmit+0x220/0x3d0 [u_ether]<br />
ncm_tx_timeout+0x34/0x40 [usb_f_ncm]<br />
? ncm_free_inst+0x50/0x50 [usb_f_ncm]<br />
__hrtimer_run_queues+0xac/0x440<br />
hrtimer_run_softirq+0x8c/0xb0<br />
__do_softirq+0xcf/0x428<br />
asm_call_irq_on_stack+0x12/0x20<br />
<br />
do_softirq_own_stack+0x61/0x70<br />
irq_exit_rcu+0xc1/0xd0<br />
sysvec_apic_timer_interrupt+0x52/0xb0<br />
asm_sysvec_apic_timer_interrupt+0x12/0x20<br />
RIP: 0010:do_raw_spin_trylock+0x18/0x40<br />
RSP: 0018:ffffbc494138bda8 EFLAGS: 00000246<br />
RAX: 0000000000000000 RBX: ffff9ee8116b4658 RCX: 0000000000000000<br />
RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9ee8116b4658<br />
RBP: ffffbc494138bda8 R08: 0000000000000001 R09: 0000000000000000<br />
R10: ffff9ee8116b4670 R11: 0000000000000000 R12: ffff9ee8116b4658<br />
R13: ffff9ee8116b4670 R14: ffff9ee7b5c73d80 R15: ffff9ee8116b4000<br />
_raw_spin_lock+0x3d/0x70<br />
? cdnsp_thread_irq_handler.cold+0x32/0x112c [cdnsp_udc_pci]<br />
cdnsp_thread_irq_handler.cold+0x32/0x112c [cdnsp_udc_pci]<br />
? cdnsp_remove_request+0x1f0/0x1f0 [cdnsp_udc_pci]<br />
? cdnsp_thread_irq_handler+0x5/0xa0 [cdnsp_udc_pci]<br />
? irq_thread+0xa0/0x1c0<br />
irq_thread_fn+0x28/0x60<br />
irq_thread+0x105/0x1c0<br />
? __kthread_parkme+0x42/0x90<br />
? irq_forced_thread_fn+0x90/0x90<br />
? wake_threads_waitq+0x30/0x30<br />
? irq_thread_check_affinity+0xe0/0xe0<br />
kthread+0x12a/0x160<br />
? kthread_park+0x90/0x90<br />
ret_from_fork+0x22/0x30<br />
<br />
The root cause of issue is spin_lock/spin_unlock instruction instead<br />
spin_lock_irqsave/spin_lock_irqrestore in cdnsp_thread_irq_handler<br />
function.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.12 (including) | 5.12.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page