cve-2021-47130
Vulnerability from cvelistv5
Published
2024-03-15 20:14
Modified
2024-11-04 17:09
Summary
nvmet: fix freeing unallocated p2pmem
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47130",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-18T15:12:36.061889Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T17:09:52.222Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c440cd080761b18a52cac20f2a42e5da1e3995af"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a452d62e7cea3c8a2676a3b89a9118755a1a271"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bcd9a0797d73eeff659582f23277e7ab6e5f18f3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvme/target/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c440cd080761",
              "status": "affected",
              "version": "c6e3f1339812",
              "versionType": "git"
            },
            {
              "lessThan": "8a452d62e7ce",
              "status": "affected",
              "version": "c6e3f1339812",
              "versionType": "git"
            },
            {
              "lessThan": "bcd9a0797d73",
              "status": "affected",
              "version": "c6e3f1339812",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvme/target/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix freeing unallocated p2pmem\n\nIn case p2p device was found but the p2p pool is empty, the nvme target\nis still trying to free the sgl from the p2p pool instead of the\nregular sgl pool and causing a crash (BUG() is called). Instead, assign\nthe p2p_dev for the request only if it was allocated from p2p pool.\n\nThis is the crash that was caused:\n\n[Sun May 30 19:13:53 2021] ------------[ cut here ]------------\n[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!\n[Sun May 30 19:13:53 2021] invalid opcode: 0000 [#1] SMP PTI\n...\n[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!\n...\n[Sun May 30 19:13:53 2021] RIP: 0010:gen_pool_free_owner+0xa8/0xb0\n...\n[Sun May 30 19:13:53 2021] Call Trace:\n[Sun May 30 19:13:53 2021] ------------[ cut here ]------------\n[Sun May 30 19:13:53 2021]  pci_free_p2pmem+0x2b/0x70\n[Sun May 30 19:13:53 2021]  pci_p2pmem_free_sgl+0x4f/0x80\n[Sun May 30 19:13:53 2021]  nvmet_req_free_sgls+0x1e/0x80 [nvmet]\n[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!\n[Sun May 30 19:13:53 2021]  nvmet_rdma_release_rsp+0x4e/0x1f0 [nvmet_rdma]\n[Sun May 30 19:13:53 2021]  nvmet_rdma_send_done+0x1c/0x60 [nvmet_rdma]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T12:00:00.794Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c440cd080761b18a52cac20f2a42e5da1e3995af"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a452d62e7cea3c8a2676a3b89a9118755a1a271"
        },
        {
          "url": "https://git.kernel.org/stable/c/bcd9a0797d73eeff659582f23277e7ab6e5f18f3"
        }
      ],
      "title": "nvmet: fix freeing unallocated p2pmem",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47130",
    "datePublished": "2024-03-15T20:14:33.955Z",
    "dateReserved": "2024-03-04T18:12:48.840Z",
    "dateUpdated": "2024-11-04T17:09:52.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47130\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-15T21:15:07.577\",\"lastModified\":\"2024-11-04T17:35:02.347\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnvmet: fix freeing unallocated p2pmem\\n\\nIn case p2p device was found but the p2p pool is empty, the nvme target\\nis still trying to free the sgl from the p2p pool instead of the\\nregular sgl pool and causing a crash (BUG() is called). Instead, assign\\nthe p2p_dev for the request only if it was allocated from p2p pool.\\n\\nThis is the crash that was caused:\\n\\n[Sun May 30 19:13:53 2021] ------------[ cut here ]------------\\n[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!\\n[Sun May 30 19:13:53 2021] invalid opcode: 0000 [#1] SMP PTI\\n...\\n[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!\\n...\\n[Sun May 30 19:13:53 2021] RIP: 0010:gen_pool_free_owner+0xa8/0xb0\\n...\\n[Sun May 30 19:13:53 2021] Call Trace:\\n[Sun May 30 19:13:53 2021] ------------[ cut here ]------------\\n[Sun May 30 19:13:53 2021]  pci_free_p2pmem+0x2b/0x70\\n[Sun May 30 19:13:53 2021]  pci_p2pmem_free_sgl+0x4f/0x80\\n[Sun May 30 19:13:53 2021]  nvmet_req_free_sgls+0x1e/0x80 [nvmet]\\n[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!\\n[Sun May 30 19:13:53 2021]  nvmet_rdma_release_rsp+0x4e/0x1f0 [nvmet_rdma]\\n[Sun May 30 19:13:53 2021]  nvmet_rdma_send_done+0x1c/0x60 [nvmet_rdma]\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nvmet: soluci\u00f3n que libera p2pmem no asignado En caso de que se encuentre un dispositivo p2p pero el grupo p2p est\u00e9 vac\u00edo, el objetivo nvme todav\u00eda est\u00e1 intentando liberar el sgl del grupo p2p en lugar del sgl normal. pool y provocando un bloqueo (se llama a BUG()). En su lugar, asigne p2p_dev para la solicitud solo si se asign\u00f3 desde el grupo p2p. Este es el accidente que se provoc\u00f3: [domingo 30 de mayo 19:13:53 2021] ------------[ cortar aqu\u00ed ]------------ [domingo de mayo 30 19:13:53 2021] \u00a1ERROR del kernel en lib/genalloc.c:518! [domingo 30 de mayo 19:13:53 2021] c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] SMP PTI... [domingo 30 de mayo 19:13:53 2021] ERROR del kernel en lib/genalloc.c:518. ... [dom 30 de mayo 19:13:53 2021] RIP: 0010:gen_pool_free_owner+0xa8/0xb0 ... [dom 30 de mayo 19:13:53 2021] Seguimiento de llamadas: [dom 30 de mayo 19:13:53 2021 ] ------------[ cortar aqu\u00ed ]------------ [domingo 30 de mayo 19:13:53 2021] pci_free_p2pmem+0x2b/0x70 [domingo 30 de mayo 19 :13:53 2021] pci_p2pmem_free_sgl+0x4f/0x80 [domingo 30 de mayo 19:13:53 2021] nvmet_req_free_sgls+0x1e/0x80 [nvmet] [domingo 30 de mayo 19:13:53 2021] ERROR del kernel en lib/genalloc.c: 518! [dom 30 de mayo 19:13:53 2021] nvmet_rdma_release_rsp+0x4e/0x1f0 [nvmet_rdma] [dom 30 de mayo 19:13:53 2021] nvmet_rdma_send_done+0x1c/0x60 [nvmet_rdma]\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/8a452d62e7cea3c8a2676a3b89a9118755a1a271\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bcd9a0797d73eeff659582f23277e7ab6e5f18f3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c440cd080761b18a52cac20f2a42e5da1e3995af\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.