Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2021-47212

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/04/2024
Last modified:
27/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5: Update error handler for UCTX and UMEM<br /> <br /> In the fast unload flow, the device state is set to internal error,<br /> which indicates that the driver started the destroy process.<br /> In this case, when a destroy command is being executed, it should return<br /> MLX5_CMD_STAT_OK.<br /> Fix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK<br /> instead of EIO.<br /> <br /> This fixes a call trace in the umem release process -<br /> [ 2633.536695] Call Trace:<br /> [ 2633.537518] ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs]<br /> [ 2633.538596] remove_client_context+0x8b/0xd0 [ib_core]<br /> [ 2633.539641] disable_device+0x8c/0x130 [ib_core]<br /> [ 2633.540615] __ib_unregister_device+0x35/0xa0 [ib_core]<br /> [ 2633.541640] ib_unregister_device+0x21/0x30 [ib_core]<br /> [ 2633.542663] __mlx5_ib_remove+0x38/0x90 [mlx5_ib]<br /> [ 2633.543640] auxiliary_bus_remove+0x1e/0x30 [auxiliary]<br /> [ 2633.544661] device_release_driver_internal+0x103/0x1f0<br /> [ 2633.545679] bus_remove_device+0xf7/0x170<br /> [ 2633.546640] device_del+0x181/0x410<br /> [ 2633.547606] mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core]<br /> [ 2633.548777] mlx5_unregister_device+0x27/0x40 [mlx5_core]<br /> [ 2633.549841] mlx5_uninit_one+0x21/0xc0 [mlx5_core]<br /> [ 2633.550864] remove_one+0x69/0xe0 [mlx5_core]<br /> [ 2633.551819] pci_device_remove+0x3b/0xc0<br /> [ 2633.552731] device_release_driver_internal+0x103/0x1f0<br /> [ 2633.553746] unbind_store+0xf6/0x130<br /> [ 2633.554657] kernfs_fop_write+0x116/0x190<br /> [ 2633.555567] vfs_write+0xa5/0x1a0<br /> [ 2633.556407] ksys_write+0x4f/0xb0<br /> [ 2633.557233] do_syscall_64+0x5b/0x1a0<br /> [ 2633.558071] entry_SYSCALL_64_after_hwframe+0x65/0xca<br /> [ 2633.559018] RIP: 0033:0x7f9977132648<br /> [ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55<br /> [ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001<br /> [ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648<br /> [ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001<br /> [ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740<br /> [ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0<br /> [ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c<br /> [ 2633.568725] ---[ end trace 10b4fe52945e544d ]---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.2 (including) 5.15.5 (excluding)
cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools