CVE-2021-47449

{"id": "CVE-2021-47449", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2024-05-22T07:15:10.050", "references": [{"url": "https://git.kernel.org/stable/c/4d4a223a86afe658cd878800f09458e8bb54415d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/61616be899975404df44c20ab902464b60882cd7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4d4a223a86afe658cd878800f09458e8bb54415d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/61616be899975404df44c20ab902464b60882cd7", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-129"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix locking for Tx timestamp tracking flush\n\nCommit 4dd0d5c33c3e (\"ice: add lock around Tx timestamp tracker flush\")\nadded a lock around the Tx timestamp tracker flow which is used to\ncleanup any left over SKBs and prepare for device removal.\n\nThis lock is problematic because it is being held around a call to\nice_clear_phy_tstamp. The clear function takes a mutex to send a PHY\nwrite command to firmware. This could lead to a deadlock if the mutex\nactually sleeps, and causes the following warning on a kernel with\npreemption debugging enabled:\n\n[ 715.419426] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:573\n[ 715.427900] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3100, name: rmmod\n[ 715.435652] INFO: lockdep is turned off.\n[ 715.439591] Preemption disabled at:\n[ 715.439594] [<0000000000000000>] 0x0\n[ 715.446678] CPU: 52 PID: 3100 Comm: rmmod Tainted: G W OE 5.15.0-rc4+ #42 bdd7ec3018e725f159ca0d372ce8c2c0e784891c\n[ 715.458058] Hardware name: Intel Corporation S2600STQ/S2600STQ, BIOS SE5C620.86B.02.01.0010.010620200716 01/06/2020\n[ 715.468483] Call Trace:\n[ 715.470940] dump_stack_lvl+0x6a/0x9a\n[ 715.474613] ___might_sleep.cold+0x224/0x26a\n[ 715.478895] __mutex_lock+0xb3/0x1440\n[ 715.482569] ? stack_depot_save+0x378/0x500\n[ 715.486763] ? ice_sq_send_cmd+0x78/0x14c0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.494979] ? kfree+0xc1/0x520\n[ 715.498128] ? mutex_lock_io_nested+0x12a0/0x12a0\n[ 715.502837] ? kasan_set_free_info+0x20/0x30\n[ 715.507110] ? __kasan_slab_free+0x10b/0x140\n[ 715.511385] ? slab_free_freelist_hook+0xc7/0x220\n[ 715.516092] ? kfree+0xc1/0x520\n[ 715.519235] ? ice_deinit_lag+0x16c/0x220 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.527359] ? ice_remove+0x1cf/0x6a0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.535133] ? pci_device_remove+0xab/0x1d0\n[ 715.539318] ? __device_release_driver+0x35b/0x690\n[ 715.544110] ? driver_detach+0x214/0x2f0\n[ 715.548035] ? bus_remove_driver+0x11d/0x2f0\n[ 715.552309] ? pci_unregister_driver+0x26/0x250\n[ 715.556840] ? ice_module_exit+0xc/0x2f [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.564799] ? __do_sys_delete_module.constprop.0+0x2d8/0x4e0\n[ 715.570554] ? do_syscall_64+0x3b/0x90\n[ 715.574303] ? entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 715.579529] ? start_flush_work+0x542/0x8f0\n[ 715.583719] ? ice_sq_send_cmd+0x78/0x14c0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.591923] ice_sq_send_cmd+0x78/0x14c0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.599960] ? wait_for_completion_io+0x250/0x250\n[ 715.604662] ? lock_acquire+0x196/0x200\n[ 715.608504] ? do_raw_spin_trylock+0xa5/0x160\n[ 715.612864] ice_sbq_rw_reg+0x1e6/0x2f0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.620813] ? ice_reset+0x130/0x130 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.628497] ? __debug_check_no_obj_freed+0x1e8/0x3c0\n[ 715.633550] ? trace_hardirqs_on+0x1c/0x130\n[ 715.637748] ice_write_phy_reg_e810+0x70/0xf0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.646220] ? do_raw_spin_trylock+0xa5/0x160\n[ 715.650581] ? ice_ptp_release+0x910/0x910 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.658797] ? ice_ptp_release+0x255/0x910 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.667013] ice_clear_phy_tstamp+0x2c/0x110 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.675403] ice_ptp_release+0x408/0x910 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.683440] ice_remove+0x560/0x6a0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]\n[ 715.691037] ? _raw_spin_unlock_irqrestore+0x46/0x73\n[ 715.696005] pci_device_remove+0xab/0x1d0\n[ 715.700018] __device_release_driver+0x35b/0x690\n[ 715.704637] driver_detach+0x214/0x2f0\n[ 715.708389] bus_remove_driver+0x11d/0x2f0\n[ 715.712489] pci_unregister_driver+0x26/0x250\n[ 71\n---truncated---"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ice: corrige el bloqueo para el vaciado del seguimiento de la marca de tiempo de Tx. Commit 4dd0d5c33c3e (\"ice: agrega bloqueo alrededor del vaciado del rastreador de marca de tiempo de Tx\") agreg\u00f3 un bloqueo alrededor del flujo del rastreador de marca de tiempo de Tx que se utiliza para la sanitizaci\u00f3n. cualquier SKB sobrante y prep\u00e1rese para retirar el dispositivo. Este bloqueo es problem\u00e1tico porque se mantiene en torno a una llamada a ice_clear_phy_tstamp. La funci\u00f3n de borrado requiere un mutex para enviar un comando de escritura PHY al firmware. Esto podr\u00eda llevar a un punto muerto si el mutex realmente duerme y causa la siguiente advertencia en un kernel con la depuraci\u00f3n de prioridad habilitada: [715.419426] ERROR: funci\u00f3n de dormir llamada desde un contexto no v\u00e1lido en kernel/locking/mutex.c:573 [715.427900] in_atomic (): 1, irqs_disabled(): 0, non_block: 0, pid: 3100, nombre: rmmod [715.435652] INFORMACI\u00d3N: lockdep est\u00e1 desactivado. [715.439591] Prelaci\u00f3n deshabilitada en: [715.439594] [&lt;0000000000000000&gt;] 0x0 [715.446678] CPU: 52 PID: 3100 Comm: rmmod Contaminado: GW OE 5.15.0-rc4+ #42 bdd7ec3018e725f 159ca0d372ce8c2c0e784891c [ 715.458058] Nombre del hardware: Intel Corporation S2600STQ/ S2600STQ, BIOS SE5C620.86B.02.01.0010.010620200716 06/01/2020 [715.468483] Seguimiento de llamadas: [715.470940] dump_stack_lvl+0x6a/0x9a [715.474613] ___might_sleep. fr\u00edo+0x224/0x26a [ 715.478895] __mutex_lock+0xb3/0x1440 [ 715.482569] ? stack_depot_save+0x378/0x500 [715.486763]? ice_sq_send_cmd+0x78/0x14c0 [hielo 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [715.494979]? kfree+0xc1/0x520 [ 715.498128] ? mutex_lock_io_nested+0x12a0/0x12a0 [715.502837]? kasan_set_free_info+0x20/0x30 [715.507110]? __kasan_slab_free+0x10b/0x140 [715.511385] ? slab_free_freelist_hook+0xc7/0x220 [715.516092]? kfree+0xc1/0x520 [ 715.519235] ? ice_deinit_lag+0x16c/0x220 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [715.527359]? ice_remove+0x1cf/0x6a0 [hielo 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [715.535133]? pci_device_remove+0xab/0x1d0 [715.539318]? __device_release_driver+0x35b/0x690 [715.544110] ? driver_detach+0x214/0x2f0 [715.548035]? bus_remove_driver+0x11d/0x2f0 [715.552309]? pci_unregister_driver+0x26/0x250 [715.556840]? ice_module_exit+0xc/0x2f [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [715.564799]? __do_sys_delete_module.constprop.0+0x2d8/0x4e0 [715.570554]? do_syscall_64+0x3b/0x90 [715.574303]? entrada_SYSCALL_64_after_hwframe+0x44/0xae [715.579529]? start_flush_work+0x542/0x8f0 [715.583719]? ice_sq_send_cmd+0x78/0x14c0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [715.591923] ice_sq_send_cmd+0x78/0x14c0 [ice 9a7e1ec00971c89ecd3fe0d4dc 7da2b3786a421d] [715.599960]? wait_for_completion_io+0x250/0x250 [715.604662]? lock_acquire+0x196/0x200 [715.608504]? do_raw_spin_trylock+0xa5/0x160 [715.612864] ice_sbq_rw_reg+0x1e6/0x2f0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [715.620813]? ice_reset+0x130/0x130 [hielo 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [715.628497]? __debug_check_no_obj_freed+0x1e8/0x3c0 [715.633550]? trace_hardirqs_on+0x1c/0x130 [715.637748] ice_write_phy_reg_e810+0x70/0xf0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [715.646220]? do_raw_spin_trylock+0xa5/0x160 [715.650581]? ice_ptp_release+0x910/0x910 [hielo 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [715.658797]? ice_ptp_release+0x255/0x910 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [715.667013] ice_clear_phy_tstamp+0x2c/0x110 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3 786a421d] [715.675403] ice_ptp_release+0x408/0x910 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [715.683440] ice_remove+0x560/0x6a0 [ice 9a7e1ec00971 c89ecd3fe0d4dc7da2b3786a421d] [715.691037]? _raw_spin_unlock_irqrestore+0x46/0x73 [ 715.696005] pci_device_remove+0xab/0x1d0 [ 715.700018] __device_release_driver+0x35b/0x690 [ 715.704637] driver_detach+0x214/0x2f0 [ 715 .708389] bus_remove_driver+0x11d/0x2f0 [ 715.712489] pci_unregister_driver+0x26/0x250 [ 71 --- truncado---"}], "lastModified": "2025-04-02T15:12:07.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "534014FC-8F58-4B4D-98E1-3E2553FA5879", "versionEndExcluding": "5.14.14", "versionStartIncluding": "5.14.4"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}