Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2021-47284

Severity CVSS v4.0:
Pending analysis
Type:
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
21/05/2024
Last modified:
02/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> isdn: mISDN: netjet: Fix crash in nj_probe:<br /> <br /> &amp;#39;nj_setup&amp;#39; in netjet.c might fail with -EIO and in this case<br /> &amp;#39;card-&gt;irq&amp;#39; is initialized and is bigger than zero. A subsequent call to<br /> &amp;#39;nj_release&amp;#39; will free the irq that has not been requested.<br /> <br /> Fix this bug by deleting the previous assignment to &amp;#39;card-&gt;irq&amp;#39; and just<br /> keep the assignment before &amp;#39;request_irq&amp;#39;.<br /> <br /> The KASAN&amp;#39;s log reveals it:<br /> <br /> [ 3.354615 ] WARNING: CPU: 0 PID: 1 at kernel/irq/manage.c:1826<br /> free_irq+0x100/0x480<br /> [ 3.355112 ] Modules linked in:<br /> [ 3.355310 ] CPU: 0 PID: 1 Comm: swapper/0 Not tainted<br /> 5.13.0-rc1-00144-g25a1298726e #13<br /> [ 3.355816 ] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS<br /> rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014<br /> [ 3.356552 ] RIP: 0010:free_irq+0x100/0x480<br /> [ 3.356820 ] Code: 6e 08 74 6f 4d 89 f4 e8 5e ac 09 00 4d 8b 74 24 18<br /> 4d 85 f6 75 e3 e8 4f ac 09 00 8b 75 c8 48 c7 c7 78 c1 2e 85 e8 e0 cf f5<br /> ff 0b 48 8b 75 c0 4c 89 ff e8 72 33 0b 03 48 8b 43 40 4c 8b a0 80<br /> [ 3.358012 ] RSP: 0000:ffffc90000017b48 EFLAGS: 00010082<br /> [ 3.358357 ] RAX: 0000000000000000 RBX: ffff888104dc8000 RCX:<br /> 0000000000000000<br /> [ 3.358814 ] RDX: ffff8881003c8000 RSI: ffffffff8124a9e6 RDI:<br /> 00000000ffffffff<br /> [ 3.359272 ] RBP: ffffc90000017b88 R08: 0000000000000000 R09:<br /> 0000000000000000<br /> [ 3.359732 ] R10: ffffc900000179f0 R11: 0000000000001d04 R12:<br /> 0000000000000000<br /> [ 3.360195 ] R13: ffff888107dc6000 R14: ffff888107dc6928 R15:<br /> ffff888104dc80a8<br /> [ 3.360652 ] FS: 0000000000000000(0000) GS:ffff88817bc00000(0000)<br /> knlGS:0000000000000000<br /> [ 3.361170 ] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 3.361538 ] CR2: 0000000000000000 CR3: 000000000582e000 CR4:<br /> 00000000000006f0<br /> [ 3.362003 ] DR0: 0000000000000000 DR1: 0000000000000000 DR2:<br /> 0000000000000000<br /> [ 3.362175 ] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:<br /> 0000000000000400<br /> [ 3.362175 ] Call Trace:<br /> [ 3.362175 ] nj_release+0x51/0x1e0<br /> [ 3.362175 ] nj_probe+0x450/0x950<br /> [ 3.362175 ] ? pci_device_remove+0x110/0x110<br /> [ 3.362175 ] local_pci_probe+0x45/0xa0<br /> [ 3.362175 ] pci_device_probe+0x12b/0x1d0<br /> [ 3.362175 ] really_probe+0x2a9/0x610<br /> [ 3.362175 ] driver_probe_device+0x90/0x1d0<br /> [ 3.362175 ] ? mutex_lock_nested+0x1b/0x20<br /> [ 3.362175 ] device_driver_attach+0x68/0x70<br /> [ 3.362175 ] __driver_attach+0x124/0x1b0<br /> [ 3.362175 ] ? device_driver_attach+0x70/0x70<br /> [ 3.362175 ] bus_for_each_dev+0xbb/0x110<br /> [ 3.362175 ] ? rdinit_setup+0x45/0x45<br /> [ 3.362175 ] driver_attach+0x27/0x30<br /> [ 3.362175 ] bus_add_driver+0x1eb/0x2a0<br /> [ 3.362175 ] driver_register+0xa9/0x180<br /> [ 3.362175 ] __pci_register_driver+0x82/0x90<br /> [ 3.362175 ] ? w6692_init+0x38/0x38<br /> [ 3.362175 ] nj_init+0x36/0x38<br /> [ 3.362175 ] do_one_initcall+0x7f/0x3d0<br /> [ 3.362175 ] ? rdinit_setup+0x45/0x45<br /> [ 3.362175 ] ? rcu_read_lock_sched_held+0x4f/0x80<br /> [ 3.362175 ] kernel_init_freeable+0x2aa/0x301<br /> [ 3.362175 ] ? rest_init+0x2c0/0x2c0<br /> [ 3.362175 ] kernel_init+0x18/0x190<br /> [ 3.362175 ] ? rest_init+0x2c0/0x2c0<br /> [ 3.362175 ] ? rest_init+0x2c0/0x2c0<br /> [ 3.362175 ] ret_from_fork+0x1f/0x30<br /> [ 3.362175 ] Kernel panic - not syncing: panic_on_warn set ...<br /> [ 3.362175 ] CPU: 0 PID: 1 Comm: swapper/0 Not tainted<br /> 5.13.0-rc1-00144-g25a1298726e #13<br /> [ 3.362175 ] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS<br /> rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014<br /> [ 3.362175 ] Call Trace:<br /> [ 3.362175 ] dump_stack+0xba/0xf5<br /> [ 3.362175 ] ? free_irq+0x100/0x480<br /> [ 3.362175 ] panic+0x15a/0x3f2<br /> [ 3.362175 ] ? __warn+0xf2/0x150<br /> [ 3.362175 ] ? free_irq+0x100/0x480<br /> [ 3.362175 ] __warn+0x108/0x150<br /> [ 3.362175 ] ? free_irq+0x100/0x480<br /> [ 3.362175 ] report_bug+0x119/0x1c0<br /> [ 3.362175 ] handle_bug+0x3b/0x80<br /> [ 3.362175 ] exc_invalid_op+0x18/0x70<br /> [ 3.362175 ] asm_exc_invalid_op+0x12/0x20<br /> [ 3.362175 ] RIP: 0010:free_irq+0x100<br /> ---truncated---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 4.70 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
4.70
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.4.273 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.5 (including) 4.9.273 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.10 (including) 4.14.237 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 4.19.195 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.126 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.44 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.12.11 (excluding)
cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools