cve/2021/CVE-2021-47130.md

### [CVE-2021-47130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47130)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=c6e3f1339812%3C%20c440cd080761%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:nvmet: fix freeing unallocated p2pmemIn case p2p device was found but the p2p pool is empty, the nvme targetis still trying to free the sgl from the p2p pool instead of theregular sgl pool and causing a crash (BUG() is called). Instead, assignthe p2p_dev for the request only if it was allocated from p2p pool.This is the crash that was caused:[Sun May 30 19:13:53 2021] ------------[ cut here ]------------[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518![Sun May 30 19:13:53 2021] invalid opcode: 0000 [#1] SMP PTI...[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!...[Sun May 30 19:13:53 2021] RIP: 0010:gen_pool_free_owner+0xa8/0xb0...[Sun May 30 19:13:53 2021] Call Trace:[Sun May 30 19:13:53 2021] ------------[ cut here ]------------[Sun May 30 19:13:53 2021]  pci_free_p2pmem+0x2b/0x70[Sun May 30 19:13:53 2021]  pci_p2pmem_free_sgl+0x4f/0x80[Sun May 30 19:13:53 2021]  nvmet_req_free_sgls+0x1e/0x80 [nvmet][Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518![Sun May 30 19:13:53 2021]  nvmet_rdma_release_rsp+0x4e/0x1f0 [nvmet_rdma][Sun May 30 19:13:53 2021]  nvmet_rdma_send_done+0x1c/0x60 [nvmet_rdma]

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/NaInSec/CVE-LIST
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2021-47130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47130)`
			`![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=c6e3f1339812%3C%20c440cd080761%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			In the Linux kernel, the following vulnerability has been resolved:nvmet: fix freeing unallocated p2pmemIn case p2p device was found but the p2p pool is empty, the nvme targetis still trying to free the sgl from the p2p pool instead of theregular sgl pool and causing a crash (BUG() is called). Instead, assignthe p2p_dev for the request only if it was allocated from p2p pool.This is the crash that was caused:[Sun May 30 19:13:53 2021] ------------[ cut here ]------------[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518![Sun May 30 19:13:53 2021] invalid opcode: 0000 [#1] SMP PTI...[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!...[Sun May 30 19:13:53 2021] RIP: 0010:gen_pool_free_owner+0xa8/0xb0...[Sun May 30 19:13:53 2021] Call Trace:[Sun May 30 19:13:53 2021] ------------[ cut here ]------------[Sun May 30 19:13:53 2021] pci_free_p2pmem+0x2b/0x70[Sun May 30 19:13:53 2021] pci_p2pmem_free_sgl+0x4f/0x80[Sun May 30 19:13:53 2021] nvmet_req_free_sgls+0x1e/0x80 [nvmet][Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518![Sun May 30 19:13:53 2021] nvmet_rdma_release_rsp+0x4e/0x1f0 [nvmet_rdma][Sun May 30 19:13:53 2021] nvmet_rdma_send_done+0x1c/0x60 [nvmet_rdma]

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/NaInSec/CVE-LIST`