CVE-2021-47242 (GCVE-0-2021-47242)

Vulnerability from cvelistv5 – Published: 2024-05-21 14:19 – Updated: 2025-05-07 19:56
Title
mptcp: fix soft lookup in subflow_error_report()
Summary
In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix soft lookup in subflow_error_report()

Maxim reported a soft lookup in subflow_error_report():

 watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0]
 RIP: 0010:native_queued_spin_lock_slowpath
 RSP: 0018:ffffa859c0003bc0 EFLAGS: 00000202
 RAX: 0000000000000101 RBX: 0000000000000001 RCX: 0000000000000000
 RDX: ffff9195c2772d88 RSI: 0000000000000000 RDI: ffff9195c2772d88
 RBP: ffff9195c2772d00 R08: 00000000000067b0 R09: c6e31da9eb1e44f4
 R10: ffff9195ef379700 R11: ffff9195edb50710 R12: ffff9195c2772d88
 R13: ffff9195f500e3d0 R14: ffff9195ef379700 R15: ffff9195ef379700
 FS:  0000000000000000(0000) GS:ffff91961f400000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 000000c000407000 CR3: 0000000002988000 CR4: 00000000000006f0
 Call Trace:
  <IRQ>
 _raw_spin_lock_bh
 subflow_error_report
 mptcp_subflow_data_available
 __mptcp_move_skbs_from_subflow
 mptcp_data_ready
 tcp_data_queue
 tcp_rcv_established
 tcp_v4_do_rcv
 tcp_v4_rcv
 ip_protocol_deliver_rcu
 ip_local_deliver_finish
 __netif_receive_skb_one_core
 netif_receive_skb
 rtl8139_poll 8139too
 __napi_poll
 net_rx_action
 __do_softirq
 __irq_exit_rcu
 common_interrupt
  </IRQ>

The calling function - mptcp_subflow_data_available() - can be invoked
from different contexts:
- plain ssk socket lock
- ssk socket lock + mptcp_data_lock
- ssk socket lock + mptcp_data_lock + msk socket lock.

Since subflow_error_report() tries to acquire the mptcp_data_lock, the
latter two call chains will cause soft lookup.

This change addresses the issue moving the error reporting call to
outer functions, where the held locks list is known and the we can
acquire only the needed one.
CWE
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: 15cc10453398c22f78f6c2b897119ecce5e5dd89 , < 27ef25c72373222aaa5fe7b5cd890ae9cfb89a8d (git)
Affected: 15cc10453398c22f78f6c2b897119ecce5e5dd89 , < 499ada5073361c631f2a3c4a8aed44d53b6f82ec (git)
Affected: c8ad65cb5051498b8a58be40499db9e930f0092e (git)
    Linux Linux Affected: 5.12
Unaffected: 0 , < 5.12 (semver)
Unaffected: 5.12.13 , ≤ 5.12.* (semver)
Unaffected: 5.13 , ≤ * (original_commit_for_fix)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "27ef25c72373",
                "status": "affected",
                "version": "15cc10453398",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "499ada507336",
                "status": "affected",
                "version": "15cc10453398",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "5.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.12",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.13"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.13",
                "status": "unaffected",
                "version": "5.12.13",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47242",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T19:56:51.928211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T19:56:57.419Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:07.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/27ef25c72373222aaa5fe7b5cd890ae9cfb89a8d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/499ada5073361c631f2a3c4a8aed44d53b6f82ec"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c",
            "net/mptcp/subflow.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "27ef25c72373222aaa5fe7b5cd890ae9cfb89a8d",
              "status": "affected",
              "version": "15cc10453398c22f78f6c2b897119ecce5e5dd89",
              "versionType": "git"
            },
            {
              "lessThan": "499ada5073361c631f2a3c4a8aed44d53b6f82ec",
              "status": "affected",
              "version": "15cc10453398c22f78f6c2b897119ecce5e5dd89",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c8ad65cb5051498b8a58be40499db9e930f0092e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c",
            "net/mptcp/subflow.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.13",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.11.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix soft lookup in subflow_error_report()\n\nMaxim reported a soft lookup in subflow_error_report():\n\n watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0]\n RIP: 0010:native_queued_spin_lock_slowpath\n RSP: 0018:ffffa859c0003bc0 EFLAGS: 00000202\n RAX: 0000000000000101 RBX: 0000000000000001 RCX: 0000000000000000\n RDX: ffff9195c2772d88 RSI: 0000000000000000 RDI: ffff9195c2772d88\n RBP: ffff9195c2772d00 R08: 00000000000067b0 R09: c6e31da9eb1e44f4\n R10: ffff9195ef379700 R11: ffff9195edb50710 R12: ffff9195c2772d88\n R13: ffff9195f500e3d0 R14: ffff9195ef379700 R15: ffff9195ef379700\n FS:  0000000000000000(0000) GS:ffff91961f400000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000c000407000 CR3: 0000000002988000 CR4: 00000000000006f0\n Call Trace:\n  \u003cIRQ\u003e\n _raw_spin_lock_bh\n subflow_error_report\n mptcp_subflow_data_available\n __mptcp_move_skbs_from_subflow\n mptcp_data_ready\n tcp_data_queue\n tcp_rcv_established\n tcp_v4_do_rcv\n tcp_v4_rcv\n ip_protocol_deliver_rcu\n ip_local_deliver_finish\n __netif_receive_skb_one_core\n netif_receive_skb\n rtl8139_poll 8139too\n __napi_poll\n net_rx_action\n __do_softirq\n __irq_exit_rcu\n common_interrupt\n  \u003c/IRQ\u003e\n\nThe calling function - mptcp_subflow_data_available() - can be invoked\nfrom different contexts:\n- plain ssk socket lock\n- ssk socket lock + mptcp_data_lock\n- ssk socket lock + mptcp_data_lock + msk socket lock.\n\nSince subflow_error_report() tries to acquire the mptcp_data_lock, the\nlatter two call chains will cause soft lookup.\n\nThis change addresses the issue moving the error reporting call to\nouter functions, where the held locks list is known and the we can\nacquire only the needed one."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:41:18.797Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/27ef25c72373222aaa5fe7b5cd890ae9cfb89a8d"
        },
        {
          "url": "https://git.kernel.org/stable/c/499ada5073361c631f2a3c4a8aed44d53b6f82ec"
        }
      ],
      "title": "mptcp: fix soft lookup in subflow_error_report()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47242",
    "datePublished": "2024-05-21T14:19:41.665Z",
    "dateReserved": "2024-04-10T18:59:19.532Z",
    "dateUpdated": "2025-05-07T19:56:57.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

