Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2021-47197

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/04/2024
Last modified:
21/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5e: nullify cq-&gt;dbg pointer in mlx5_debug_cq_remove()<br /> <br /> Prior to this patch in case mlx5_core_destroy_cq() failed it proceeds<br /> to rest of destroy operations. mlx5_core_destroy_cq() could be called again<br /> by user and cause additional call of mlx5_debug_cq_remove().<br /> cq-&gt;dbg was not nullify in previous call and cause the crash.<br /> <br /> Fix it by nullify cq-&gt;dbg pointer after removal.<br /> <br /> Also proceed to destroy operations only if FW return 0<br /> for MLX5_CMD_OP_DESTROY_CQ command.<br /> <br /> general protection fault, probably for non-canonical address 0x2000300004058: 0000 [#1] SMP PTI<br /> CPU: 5 PID: 1228 Comm: python Not tainted 5.15.0-rc5_for_upstream_min_debug_2021_10_14_11_06 #1<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014<br /> RIP: 0010:lockref_get+0x1/0x60<br /> Code: 5d e9 53 ff ff ff 48 8d 7f 70 e8 0a 2e 48 00 c7 85 d0 00 00 00 02<br /> 00 00 00 c6 45 70 00 fb 5d c3 c3 cc cc cc cc cc cc cc cc 53 8b 17<br /> 48 89 fb 85 d2 75 3d 48 89 d0 bf 64 00 00 00 48 89 c1 48<br /> RSP: 0018:ffff888137dd7a38 EFLAGS: 00010206<br /> RAX: 0000000000000000 RBX: ffff888107d5f458 RCX: 00000000fffffffe<br /> RDX: 000000000002c2b0 RSI: ffffffff8155e2e0 RDI: 0002000300004058<br /> RBP: ffff888137dd7a88 R08: 0002000300004058 R09: ffff8881144a9f88<br /> R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881141d4000<br /> R13: ffff888137dd7c68 R14: ffff888137dd7d58 R15: ffff888137dd7cc0<br /> FS: 00007f4644f2a4c0(0000) GS:ffff8887a2d40000(0000)<br /> knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 000055b4500f4380 CR3: 0000000114f7a003 CR4: 0000000000170ea0<br /> Call Trace:<br /> simple_recursive_removal+0x33/0x2e0<br /> ? debugfs_remove+0x60/0x60<br /> debugfs_remove+0x40/0x60<br /> mlx5_debug_cq_remove+0x32/0x70 [mlx5_core]<br /> mlx5_core_destroy_cq+0x41/0x1d0 [mlx5_core]<br /> devx_obj_cleanup+0x151/0x330 [mlx5_ib]<br /> ? __pollwait+0xd0/0xd0<br /> ? xas_load+0x5/0x70<br /> ? xa_load+0x62/0xa0<br /> destroy_hw_idr_uobject+0x20/0x80 [ib_uverbs]<br /> uverbs_destroy_uobject+0x3b/0x360 [ib_uverbs]<br /> uobj_destroy+0x54/0xa0 [ib_uverbs]<br /> ib_uverbs_cmd_verbs+0xaf2/0x1160 [ib_uverbs]<br /> ? uverbs_finalize_object+0xd0/0xd0 [ib_uverbs]<br /> ib_uverbs_ioctl+0xc4/0x1b0 [ib_uverbs]<br /> __x64_sys_ioctl+0x3e4/0x8e0

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.10.75 (including) 5.10.82 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.5 (excluding)
cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools