admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-470xx/CVE-2021-47023.json
cad-safe-bot fe71c4acaf Auto-Update: 2025-03-19T17:00:20.403250+00:00
2025-03-19 17:03:49 +00:00

145 lines
10 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-47023",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-28T09:15:39.197",
"lastModified": "2025-03-19T15:37:27.183",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: fix port event handling on init\n\nFor some reason there might be a crash during ports creation if port\nevents are handling at the same time because fw may send initial\nport event with down state.\n\nThe crash points to cancel_delayed_work() which is called when port went\nis down. Currently I did not find out the real cause of the issue, so\nfixed it by cancel port stats work only if previous port's state was up\n& runnig.\n\nThe following is the crash which can be triggered:\n\n[ 28.311104] Unable to handle kernel paging request at virtual address\n000071775f776600\n[ 28.319097] Mem abort info:\n[ 28.321914] ESR = 0x96000004\n[ 28.324996] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 28.330350] SET = 0, FnV = 0\n[ 28.333430] EA = 0, S1PTW = 0\n[ 28.336597] Data abort info:\n[ 28.339499] ISV = 0, ISS = 0x00000004\n[ 28.343362] CM = 0, WnR = 0\n[ 28.346354] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000100bf7000\n[ 28.352842] [000071775f776600] pgd=0000000000000000,\np4d=0000000000000000\n[ 28.359695] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 28.365310] Modules linked in: prestera_pci(+) prestera\nuio_pdrv_genirq\n[ 28.372005] CPU: 0 PID: 1291 Comm: kworker/0:1H Not tainted\n5.11.0-rc4 #1\n[ 28.378846] Hardware name: DNI AmazonGo1 A7040 board (DT)\n[ 28.384283] Workqueue: prestera_fw_wq prestera_fw_evt_work_fn\n[prestera_pci]\n[ 28.391413] pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--)\n[ 28.397468] pc : get_work_pool+0x48/0x60\n[ 28.401442] lr : try_to_grab_pending+0x6c/0x1b0\n[ 28.406018] sp : ffff80001391bc60\n[ 28.409358] x29: ffff80001391bc60 x28: 0000000000000000\n[ 28.414725] x27: ffff000104fc8b40 x26: ffff80001127de88\n[ 28.420089] x25: 0000000000000000 x24: ffff000106119760\n[ 28.425452] x23: ffff00010775dd60 x22: ffff00010567e000\n[ 28.430814] x21: 0000000000000000 x20: ffff80001391bcb0\n[ 28.436175] x19: ffff00010775deb8 x18: 00000000000000c0\n[ 28.441537] x17: 0000000000000000 x16: 000000008d9b0e88\n[ 28.446898] x15: 0000000000000001 x14: 00000000000002ba\n[ 28.452261] x13: 80a3002c00000002 x12: 00000000000005f4\n[ 28.457622] x11: 0000000000000030 x10: 000000000000000c\n[ 28.462985] x9 : 000000000000000c x8 : 0000000000000030\n[ 28.468346] x7 : ffff800014400000 x6 : ffff000106119758\n[ 28.473708] x5 : 0000000000000003 x4 : ffff00010775dc60\n[ 28.479068] x3 : 0000000000000000 x2 : 0000000000000060\n[ 28.484429] x1 : 000071775f776600 x0 : ffff00010775deb8\n[ 28.489791] Call trace:\n[ 28.492259] get_work_pool+0x48/0x60\n[ 28.495874] cancel_delayed_work+0x38/0xb0\n[ 28.500011] prestera_port_handle_event+0x90/0xa0 [prestera]\n[ 28.505743] prestera_evt_recv+0x98/0xe0 [prestera]\n[ 28.510683] prestera_fw_evt_work_fn+0x180/0x228 [prestera_pci]\n[ 28.516660] process_one_work+0x1e8/0x360\n[ 28.520710] worker_thread+0x44/0x480\n[ 28.524412] kthread+0x154/0x160\n[ 28.527670] ret_from_fork+0x10/0x38\n[ 28.531290] Code: a8c17bfd d50323bf d65f03c0 9278dc21 (f9400020)\n[ 28.537429] ---[ end trace 5eced933df3a080b ]---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: marvell: prestera: corrige el manejo de eventos del puerto en init Por alguna raz\u00f3n, puede haber una falla durante la creaci\u00f3n de puertos si los eventos del puerto se manejan al mismo tiempo porque fw puede enviar el puerto inicial evento con estado inactivo. El bloqueo apunta a cancel_delayed_work(), que se llama cuando el puerto est\u00e1 inactivo. Actualmente no descubr\u00ed la causa real del problema, as\u00ed que lo solucion\u00e9 cancelando las estad\u00edsticas del puerto solo si el estado del puerto anterior estaba activo y funcionando. El siguiente es el fallo que se puede desencadenar: [28.311104] No se puede manejar la solicitud de paginaci\u00f3n del kernel en la direcci\u00f3n virtual 000071775f776600 [28.319097] Informaci\u00f3n de cancelaci\u00f3n de memoria: [28.321914] ESR = 0x96000004 [28.324996] EC = 0x25: DABT (EL actual), IL = 32 bits [ 28.330350] SET = 0, FnV = 0 [ 28.333430] EA = 0, S1PTW = 0 [ 28.336597] Informaci\u00f3n de cancelaci\u00f3n de datos: [ 28.339499] ISV = 0, ISS = 0x00000004 [ 28.343362] CM = 0, WnR = 0 [ 28.346354] tabla de p\u00e1ginas de usuario: p\u00e1ginas de 4k, VA de 48 bits, pgdp=0000000100bf7000 [ 28.352842] [000071775f776600] pgd=00000000000000000, p4d=0000000000000000 [ 28.359695] Error interno: Ups: 96000004 [#1] PREEMPT SMP [ 28.365310] M\u00f3dulos vinculados en: prestera_pci(+) prestera uio_pdrv_genirq [ 28.372005] CPU: 0 PID: 1291 Comm: kworker/0:1H No contaminado 5.11.0-rc4 #1 [ 28.378846] Nombre de hardware: DNI Placa AmazonGo1 A7040 (DT) [ 28.384283] Cola de trabajo : prestera_fw_wq prestera_fw_evt_work_fn [prestera_pci] [ 28.391413] pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--) [ 28.397468] pc : get_work_pool+0x48/0x60 [ 28.401442] lr : try_to _grab_pending+0x6c/0x1b0 [28.406018] sp : ffff80001391bc60 [ 28.409358] x29: ffff80001391bc60 x28: 0000000000000000 [ 28.414725] x27: ffff000104fc8b40 x26: ffff80001127de88 [ 28.4200 89] x25: 0000000000000000 x24: ffff000106119760 [ 28.425452] x23: ffff00010775dd60 x22: ffff00010567e000 [ 28.430814] x21: 000000000000000000 x20: ffff80001391bcb0 [28.436175] x19: ffff00010775deb8 x18: 00000000000000c0 [ 28.441537] x17: 0000000000000000 x16: 000000008d9b0e88 [ 28.446898] x15: 00000000000000 01 x14: 00000000000002ba [ 28.452261] x13: 80a3002c00000002 x12: 00000000000005f4 [ 28.457622] x11: 0000000000000030 x10: 00000000000 0000c [28.462985] x9: 000000000000000c x8: 0000000000000030 [28.468346] x7: ffff800014400000 x6: ffff000106119758 [28.473708] x5: 00000000000000003 x4: ffff00010775dc60 [28.4790 68] x3: 0000000000000000 x2: 00000000000000060 [28.484429] x1: 000071775f776600 x0: ffff00010775deb8 [28.489791] Rastreo de llamadas: [28.492259] get_work_pool+ 0x48/ 0x60 [ 28.495874] cancel_delayed_work+0x38/0xb0 [ 28.500011] prestera_port_handle_event+0x90/0xa0 [prestera] [ 28.505743] prestera_evt_recv+0x98/0xe0 [prestera] [ 28.510683] prestera_fw _evt_work_fn+0x180/0x228 [prestera_pci] [ 28.516660] proceso_one_work+0x1e8/0x360 [ 28.520710] work_thread+0x44/0x480 [ 28.524412] kthread+0x154/0x160 [ 28.527670] ret_from_fork+0x10/0x38 [ 28.531290] C\u00f3digo: a8c17bfd d50323bf d65f03c0 92 78dc21 (f9400020) [28.537429] ---[ final de seguimiento 5eced933df3a080b ]---"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.10.37",
"matchCriteriaId": "4E433B72-3E3A-435E-9A66-80D28868BDF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.11.21",
"matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12",
"versionEndExcluding": "5.12.4",
"matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0ce6052802be2cb61a57b753e41301339c88c839",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/333980481b99edb24ebd5d1a53af70a15d9146de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9d1ba11fabdd8f25abb24272ef1621417981320b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b5bba6ede42693f50ce1c9944315cefed7491061",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/0ce6052802be2cb61a57b753e41301339c88c839",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/333980481b99edb24ebd5d1a53af70a15d9146de",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9d1ba11fabdd8f25abb24272ef1621417981320b",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b5bba6ede42693f50ce1c9944315cefed7491061",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink