CVE-2021-47229

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/05/2024
Last modified: 29/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: aardvark: Fix kernel panic during PIO transfer

Trying to start a new PIO transfer by writing value 0 in PIO_START register when previous transfer has not yet completed (which is indicated by value 1 in PIO_START) causes an External Abort on CPU, which results in kernel panic:

    SError Interrupt on CPU0, code 0xbf000002 -- SError
    Kernel panic - not syncing: Asynchronous SError Interrupt

To prevent kernel panic, it is required to reject a new PIO transfer when previous one has not finished yet.

If previous PIO transfer is not finished yet, the kernel may issue a new PIO request only if the previous PIO transfer timed out.

In the past the root cause of this issue was incorrectly identified (as it often happens during link retraining or after link down event) and special hack was implemented in Trusted Firmware to catch all SError events in EL3, to ignore errors with code 0xbf000002 and not forwarding any other errors to kernel and instead throw panic from EL3 Trusted Firmware handler.

Links to discussion and patches about this issue:
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=3c7dcdac5c50
https://lore.kernel.org/linux-pci/20190316161243.29517-1-repk@triplefau.lt/
https://lore.kernel.org/linux-pci/971be151d24312cc533989a64bd454b4@www.loen.fr/
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/1541

But the real cause was the fact that during link retraining or after link down event the PIO transfer may take longer time, up to the 1.44s until it times out. This increased probability that a new PIO transfer would be issued by kernel while previous one has not finished yet.

After applying this change into the kernel, it is possible to revert the mentioned TF-A hack and SError events do not have to be caught in TF-A EL3.

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 4.14.240 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.198 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.128 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.46 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.12.13 (excluding)
cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:* | |
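
A triage helper for the version table and panic signature above, added here as an example and not part of the advisory or the kernel patch. It checks a `uname -r` style string against the listed ranges and picks the quoted SError line out of a log; the function names and the sample log are assumptions constructed for illustration.

```python
import re

# Affected ranges copied from the table above: (from_inclusive, up_to_exclusive).
# None means the row gives no "From" version.
AFFECTED_RANGES = [
    (None, (4, 14, 240)),
    ((4, 15, 0), (4, 19, 198)),
    ((4, 20, 0), (5, 4, 128)),
    ((5, 5, 0), (5, 10, 46)),
    ((5, 11, 0), (5, 12, 13)),
]
# The table lists 5.13-rc1 through 5.13-rc6 individually.
AFFECTED_RCS = {(5, 13, n) for n in range(1, 7)}

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")
# SError code quoted in the description's panic output.
_SERROR = re.compile(r"SError Interrupt on CPU\d+, code 0xbf000002\b")


def parse_release(release):
    """Split a `uname -r` style string into ((major, minor, patch), rc or None)."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), (int(rc) if rc else None)


def in_affected_range(release):
    """True if the upstream version is inside a range listed in the table."""
    version, rc = parse_release(release)
    if rc is not None and version[2] == 0 and version[:2] + (rc,) in AFFECTED_RCS:
        return True
    # Distro suffixes such as "-8-arm64" are ignored; only x.y.z is compared.
    return any((low is None or version >= low) and version < high
               for low, high in AFFECTED_RANGES)


def serror_lines(log_text):
    """Return the log lines that carry the SError code from the description."""
    return [line for line in log_text.splitlines() if _SERROR.search(line)]


# Constructed sample log (not captured from a real system).
SAMPLE_LOG = """\
[   12.345678] pci 0000:00:00.0: enabling device
[   13.000001] SError Interrupt on CPU0, code 0xbf000002 -- SError
[   13.000002] Kernel panic - not syncing: Asynchronous SError Interrupt
"""
```

A version match is only a first filter: vendor kernels often backport fixes without changing the upstream x.y.z, and the bug is in the aardvark PCI driver, so hosts that do not use it are not exposed. A matching SError line likewise only flags a log for review, since the description notes the same code was seen around link retraining and link down events.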