cve-2021-47400
Vulnerability from cvelistv5
Published
2024-05-21 15:03
Modified
2024-11-04 12:05
Summary
net: hns3: do not allow call hns3_nic_net_open repeatedly
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47400",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T18:26:38.689847Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-01T17:45:26.295Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.446Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5a31d4e73ada8022427b69b10fd1f01a6a8d4b3d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f8ba689cb69523144d10606096ef686002dd7285"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3dac38bdce7932901b9f0b71c62331852c809e61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5b09e88e1bf7fe86540fab4b5f3eece8abead39e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/hisilicon/hns3/hns3_enet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5a31d4e73ada",
              "status": "affected",
              "version": "e888402789b9",
              "versionType": "git"
            },
            {
              "lessThan": "f8ba689cb695",
              "status": "affected",
              "version": "e888402789b9",
              "versionType": "git"
            },
            {
              "lessThan": "3dac38bdce79",
              "status": "affected",
              "version": "e888402789b9",
              "versionType": "git"
            },
            {
              "lessThan": "5b09e88e1bf7",
              "status": "affected",
              "version": "e888402789b9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/hisilicon/hns3/hns3_enet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.71",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.14.*",
              "status": "unaffected",
              "version": "5.14.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: do not allow call hns3_nic_net_open repeatedly\n\nhns3_nic_net_open() is not allowed to called repeatly, but there\nis no checking for this. When doing device reset and setup tc\nconcurrently, there is a small oppotunity to call hns3_nic_net_open\nrepeatedly, and cause kernel bug by calling napi_enable twice.\n\nThe calltrace information is like below:\n[ 3078.222780] ------------[ cut here ]------------\n[ 3078.230255] kernel BUG at net/core/dev.c:6991!\n[ 3078.236224] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n[ 3078.243431] Modules linked in: hns3 hclgevf hclge hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O)\n[ 3078.258880] CPU: 0 PID: 295 Comm: kworker/u8:5 Tainted: G           O      5.14.0-rc4+ #1\n[ 3078.269102] Hardware name:  , BIOS KpxxxFPGA 1P B600 V181 08/12/2021\n[ 3078.276801] Workqueue: hclge hclge_service_task [hclge]\n[ 3078.288774] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)\n[ 3078.296168] pc : napi_enable+0x80/0x84\ntc qdisc sho[w  3d0e7v8 .e3t0h218 79] lr : hns3_nic_net_open+0x138/0x510 [hns3]\n\n[ 3078.314771] sp : ffff8000108abb20\n[ 3078.319099] x29: ffff8000108abb20 x28: 0000000000000000 x27: ffff0820a8490300\n[ 3078.329121] x26: 0000000000000001 x25: ffff08209cfc6200 x24: 0000000000000000\n[ 3078.339044] x23: ffff0820a8490300 x22: ffff08209cd76000 x21: ffff0820abfe3880\n[ 3078.349018] x20: 0000000000000000 x19: ffff08209cd76900 x18: 0000000000000000\n[ 3078.358620] x17: 0000000000000000 x16: ffffc816e1727a50 x15: 0000ffff8f4ff930\n[ 3078.368895] x14: 0000000000000000 x13: 0000000000000000 x12: 0000259e9dbeb6b4\n[ 3078.377987] x11: 0096a8f7e764eb40 x10: 634615ad28d3eab5 x9 : ffffc816ad8885b8\n[ 3078.387091] x8 : ffff08209cfc6fb8 x7 : ffff0820ac0da058 x6 : ffff0820a8490344\n[ 3078.396356] x5 : 0000000000000140 x4 : 0000000000000003 x3 : ffff08209cd76938\n[ 3078.405365] x2 : 0000000000000000 x1 : 0000000000000010 x0 : ffff0820abfe38a0\n[ 3078.414657] Call trace:\n[ 3078.418517]  napi_enable+0x80/0x84\n[ 3078.424626]  hns3_reset_notify_up_enet+0x78/0xd0 [hns3]\n[ 3078.433469]  hns3_reset_notify+0x64/0x80 [hns3]\n[ 3078.441430]  hclge_notify_client+0x68/0xb0 [hclge]\n[ 3078.450511]  hclge_reset_rebuild+0x524/0x884 [hclge]\n[ 3078.458879]  hclge_reset_service_task+0x3c4/0x680 [hclge]\n[ 3078.467470]  hclge_service_task+0xb0/0xb54 [hclge]\n[ 3078.475675]  process_one_work+0x1dc/0x48c\n[ 3078.481888]  worker_thread+0x15c/0x464\n[ 3078.487104]  kthread+0x160/0x170\n[ 3078.492479]  ret_from_fork+0x10/0x18\n[ 3078.498785] Code: c8027c81 35ffffa2 d50323bf d65f03c0 (d4210000)\n[ 3078.506889] ---[ end trace 8ebe0340a1b0fb44 ]---\n\nOnce hns3_nic_net_open() is excute success, the flag\nHNS3_NIC_STATE_DOWN will be cleared. So add checking for this\nflag, directly return when HNS3_NIC_STATE_DOWN is no set."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T12:05:11.853Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5a31d4e73ada8022427b69b10fd1f01a6a8d4b3d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8ba689cb69523144d10606096ef686002dd7285"
        },
        {
          "url": "https://git.kernel.org/stable/c/3dac38bdce7932901b9f0b71c62331852c809e61"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b09e88e1bf7fe86540fab4b5f3eece8abead39e"
        }
      ],
      "title": "net: hns3: do not allow call hns3_nic_net_open repeatedly",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47400",
    "datePublished": "2024-05-21T15:03:55.368Z",
    "dateReserved": "2024-05-21T14:58:30.816Z",
    "dateUpdated": "2024-11-04T12:05:11.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47400\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T15:15:25.457\",\"lastModified\":\"2024-11-01T18:35:01.800\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: hns3: do not allow call hns3_nic_net_open repeatedly\\n\\nhns3_nic_net_open() is not allowed to called repeatly, but there\\nis no checking for this. When doing device reset and setup tc\\nconcurrently, there is a small oppotunity to call hns3_nic_net_open\\nrepeatedly, and cause kernel bug by calling napi_enable twice.\\n\\nThe calltrace information is like below:\\n[ 3078.222780] ------------[ cut here ]------------\\n[ 3078.230255] kernel BUG at net/core/dev.c:6991!\\n[ 3078.236224] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\\n[ 3078.243431] Modules linked in: hns3 hclgevf hclge hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O)\\n[ 3078.258880] CPU: 0 PID: 295 Comm: kworker/u8:5 Tainted: G           O      5.14.0-rc4+ #1\\n[ 3078.269102] Hardware name:  , BIOS KpxxxFPGA 1P B600 V181 08/12/2021\\n[ 3078.276801] Workqueue: hclge hclge_service_task [hclge]\\n[ 3078.288774] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)\\n[ 3078.296168] pc : napi_enable+0x80/0x84\\ntc qdisc sho[w  3d0e7v8 .e3t0h218 79] lr : hns3_nic_net_open+0x138/0x510 [hns3]\\n\\n[ 3078.314771] sp : ffff8000108abb20\\n[ 3078.319099] x29: ffff8000108abb20 x28: 0000000000000000 x27: ffff0820a8490300\\n[ 3078.329121] x26: 0000000000000001 x25: ffff08209cfc6200 x24: 0000000000000000\\n[ 3078.339044] x23: ffff0820a8490300 x22: ffff08209cd76000 x21: ffff0820abfe3880\\n[ 3078.349018] x20: 0000000000000000 x19: ffff08209cd76900 x18: 0000000000000000\\n[ 3078.358620] x17: 0000000000000000 x16: ffffc816e1727a50 x15: 0000ffff8f4ff930\\n[ 3078.368895] x14: 0000000000000000 x13: 0000000000000000 x12: 0000259e9dbeb6b4\\n[ 3078.377987] x11: 0096a8f7e764eb40 x10: 634615ad28d3eab5 x9 : ffffc816ad8885b8\\n[ 3078.387091] x8 : ffff08209cfc6fb8 x7 : ffff0820ac0da058 x6 : ffff0820a8490344\\n[ 3078.396356] x5 : 0000000000000140 x4 : 0000000000000003 x3 : ffff08209cd76938\\n[ 3078.405365] x2 : 0000000000000000 x1 : 0000000000000010 x0 : ffff0820abfe38a0\\n[ 3078.414657] Call trace:\\n[ 3078.418517]  napi_enable+0x80/0x84\\n[ 3078.424626]  hns3_reset_notify_up_enet+0x78/0xd0 [hns3]\\n[ 3078.433469]  hns3_reset_notify+0x64/0x80 [hns3]\\n[ 3078.441430]  hclge_notify_client+0x68/0xb0 [hclge]\\n[ 3078.450511]  hclge_reset_rebuild+0x524/0x884 [hclge]\\n[ 3078.458879]  hclge_reset_service_task+0x3c4/0x680 [hclge]\\n[ 3078.467470]  hclge_service_task+0xb0/0xb54 [hclge]\\n[ 3078.475675]  process_one_work+0x1dc/0x48c\\n[ 3078.481888]  worker_thread+0x15c/0x464\\n[ 3078.487104]  kthread+0x160/0x170\\n[ 3078.492479]  ret_from_fork+0x10/0x18\\n[ 3078.498785] Code: c8027c81 35ffffa2 d50323bf d65f03c0 (d4210000)\\n[ 3078.506889] ---[ end trace 8ebe0340a1b0fb44 ]---\\n\\nOnce hns3_nic_net_open() is excute success, the flag\\nHNS3_NIC_STATE_DOWN will be cleared. So add checking for this\\nflag, directly return when HNS3_NIC_STATE_DOWN is no set.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hns3: no permitir llamadas repetidas a hns3_nic_net_open. No se permite llamar repetidamente a hns3_nic_net_open(), pero no se puede verificar esto. Al restablecer y configurar tc el dispositivo simult\u00e1neamente, existe una peque\u00f1a oportunidad de llamar a hns3_nic_net_open repetidamente y causar un error en el kernel al llamar a napi_enable dos veces. La informaci\u00f3n del seguimiento de llamadas es la siguiente: [3078.222780] ------------[ cortar aqu\u00ed ]------------ [ 3078.230255] BUG del kernel en net/core/dev. c:6991! [3078.236224] Error interno: Ups - BUG: 0 [#1] SMP PREEMPLEADO [3078.243431] M\u00f3dulos vinculados en: hns3 hclgevf hclge hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O) [ 3078.258880 CPU : 0 PID: 295 Comunicaciones: kworker/u8 :5 Contaminado: GO 5.14.0-rc4+ #1 [ 3078.269102] Nombre de hardware: , BIOS KpxxxFPGA 1P B600 V181 12/08/2021 [ 3078.276801] Cola de trabajo: hclge hclge_service_task [hclge] [ 3078.288774] pstate: 0009 (nZCv daif +PAN -UAO -TCO BTYPE=--) [ 3078.296168] pc : napi_enable+0x80/0x84 tc qdisc sho[w 3d0e7v8 .e3t0h218 79] lr : hns3_nic_net_open+0x138/0x510 [hns3] [ 3078.314771] sp : 8000108abb20 [3078.319099] x29: ffff8000108abb20 x28: 0000000000000000 x27: ffff0820a8490300 [ 3078.329121] x26: 0000000000000001 x25: ffff08209cfc6200 x24: 00000000000 00000 [ 3078.339044] x23: ffff0820a8490300 x22: ffff08209cd76000 x21: ffff0820abfe3880 [ 3078.349018] x20: 0000000000000000 x19: 00 x18: 0000000000000000 [ 3078.358620] x17: 0000000000000000 x16 : ffffc816e1727a50 x15: 0000ffff8f4ff930 [ 3078.368895] x14: 0000000000000000 x13: 0000000000000000 x12: 0000259e9dbeb6b4 [ 3078.377987] x11: 0096a8f7e764eb40 x10: 634615ad28d3eab5 x9: ffffc816ad8885b8 [3078.387091] x8: ffff08209cfc6fb8 x7: ffff0820ac0da058 x6: ffff0820a8490344 [ 3 078.396356] x5: 0000000000000140 x4: 0000000000000003 x3: ffff08209cd76938 [3078.405365] x2: 0000000000000000 x1: 0000000000000010 x0: ffff0820abfe38a0 [3078.414657] Rastreo de llamadas: [3078.418517] +0x80/0x84 [ 3078.424626] hns3_reset_notify_up_enet+0x78/0xd0 [hns3] [ 3078.433469] hns3_reset_notify+0x64/0x80 [hns3 ] [ 3078.441430] hclge_notify_client+0x68/0xb0 [hclge] [ 3078.450511] hclge_reset_rebuild+0x524/0x884 [hclge] [ 3078.458879] hclge_reset_service_task+0x3c4/0x680 [hclge] 3078.467470] hclge_service_task+0xb0/0xb54 [hclge] [ 3078.475675] proceso_one_work+ 0x1dc/0x48c [ 3078.481888] work_thread+0x15c/0x464 [ 3078.487104] kthread+0x160/0x170 [ 3078.492479] ret_from_fork+0x10/0x18 [ 3078.498785] C\u00f3digo: c81 35ffffa2 d50323bf d65f03c0 (d4210000) [ 3078.506889] ---[ final de seguimiento 8ebe0340a1b0fb44 ] --- Una vez que hns3_nic_net_open() se ejecute correctamente, se borrar\u00e1 el indicador HNS3_NIC_STATE_DOWN. Por lo tanto, agregue la verificaci\u00f3n de este indicador y regrese directamente cuando HNS3_NIC_STATE_DOWN no est\u00e9 configurado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.5,\"impactScore\":1.4}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3dac38bdce7932901b9f0b71c62331852c809e61\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5a31d4e73ada8022427b69b10fd1f01a6a8d4b3d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5b09e88e1bf7fe86540fab4b5f3eece8abead39e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f8ba689cb69523144d10606096ef686002dd7285\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.