cve-2021-47428
Vulnerability from cvelistv5
Published
2024-05-21 15:04
Modified
2024-08-04 05:39
Severity
Summary
powerpc/64s: fix program check interrupt emergency stack path
References
SourceURLTags
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3e607dc4df180b72a38e75030cb0f94d12808712
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/411b38fe68ba20a8bbe724b0939762c3f16e16ca
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c835b3d1d6362b4a4ebb192da7e7fd27a0a45d01
Impacted products
VendorProduct
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47428",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-22T19:45:14.633880Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:14:19.775Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.228Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/411b38fe68ba20a8bbe724b0939762c3f16e16ca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c835b3d1d6362b4a4ebb192da7e7fd27a0a45d01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3e607dc4df180b72a38e75030cb0f94d12808712"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/kernel/exceptions-64s.S"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "411b38fe68ba",
              "status": "affected",
              "version": "0a882e28468f",
              "versionType": "git"
            },
            {
              "lessThan": "c835b3d1d636",
              "status": "affected",
              "version": "0a882e28468f",
              "versionType": "git"
            },
            {
              "lessThan": "3e607dc4df18",
              "status": "affected",
              "version": "0a882e28468f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/kernel/exceptions-64s.S"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.73",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.14.*",
              "status": "unaffected",
              "version": "5.14.12",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s: fix program check interrupt emergency stack path\n\nEmergency stack path was jumping into a 3: label inside the\n__GEN_COMMON_BODY macro for the normal path after it had finished,\nrather than jumping over it. By a small miracle this is the correct\nplace to build up a new interrupt frame with the existing stack\npointer, so things basically worked okay with an added weird looking\n700 trap frame on top (which had the wrong -\u003enip so it didn\u0027t decode\nbug messages either).\n\nFix this by avoiding using numeric labels when jumping over non-trivial\nmacros.\n\nBefore:\n\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV\n Modules linked in:\n CPU: 0 PID: 88 Comm: sh Not tainted 5.15.0-rc2-00034-ge057cdade6e5 #2637\n NIP:  7265677368657265 LR: c00000000006c0c8 CTR: c0000000000097f0\n REGS: c0000000fffb3a50 TRAP: 0700   Not tainted\n MSR:  9000000000021031 \u003cSF,HV,ME,IR,DR,LE\u003e  CR: 00000700  XER: 20040000\n CFAR: c0000000000098b0 IRQMASK: 0\n GPR00: c00000000006c964 c0000000fffb3cf0 c000000001513800 0000000000000000\n GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299\n GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8\n GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 0000000000000001\n GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8\n GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158\n GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300\n GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80\n NIP [7265677368657265] 0x7265677368657265\n LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10\n Call Trace:\n [c0000000fffb3cf0] [c00000000000bdac] soft_nmi_common+0x13c/0x1d0 (unreliable)\n --- interrupt: 700 at decrementer_common_virt+0xb8/0x230\n NIP:  c0000000000098b8 LR: c00000000006c0c8 CTR: c0000000000097f0\n REGS: c0000000fffb3d60 TRAP: 0700   Not tainted\n MSR:  9000000000021031 \u003cSF,HV,ME,IR,DR,LE\u003e  CR: 22424282  XER: 20040000\n CFAR: c0000000000098b0 IRQMASK: 0\n GPR00: c00000000006c964 0000000000002400 c000000001513800 0000000000000000\n GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299\n GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8\n GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 0000000000000001\n GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8\n GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158\n GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300\n GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80\n NIP [c0000000000098b8] decrementer_common_virt+0xb8/0x230\n LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10\n --- interrupt: 700\n Instruction dump:\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n ---[ end trace 6d28218e0cc3c949 ]---\n\nAfter:\n\n ------------[ cut here ]------------\n kernel BUG at arch/powerpc/kernel/exceptions-64s.S:491!\n Oops: Exception in kernel mode, sig: 5 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV\n Modules linked in:\n CPU: 0 PID: 88 Comm: login Not tainted 5.15.0-rc2-00034-ge057cdade6e5-dirty #2638\n NIP:  c0000000000098b8 LR: c00000000006bf04 CTR: c0000000000097f0\n REGS: c0000000fffb3d60 TRAP: 0700   Not tainted\n MSR:  9000000000021031 \u003cSF,HV,ME,IR,DR,LE\u003e  CR: 24482227  XER: 00040000\n CFAR: c0000000000098b0 IRQMASK: 0\n GPR00: c00000000006bf04 0000000000002400 c000000001513800 c000000001271868\n GPR04: 00000000100f0d29 0000000042000000 0000000000000007 0000000000000009\n GPR08: 00000000100f0d29 0000000024482227 0000000000002710 c000000000181b3c\n GPR12: 9000000000009033 c0000000016b0000 00000000100f0d29 c000000005b22f00\n GPR16: 00000000ffff0000 0000000000000001 0000000000000009 00000000100eed90\n GPR20: 00000000100eed90 00000\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:07:45.879Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/411b38fe68ba20a8bbe724b0939762c3f16e16ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/c835b3d1d6362b4a4ebb192da7e7fd27a0a45d01"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e607dc4df180b72a38e75030cb0f94d12808712"
        }
      ],
      "title": "powerpc/64s: fix program check interrupt emergency stack path",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47428",
    "datePublished": "2024-05-21T15:04:13.910Z",
    "dateReserved": "2024-05-21T14:58:30.828Z",
    "dateUpdated": "2024-08-04T05:39:59.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47428\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T15:15:28.210\",\"lastModified\":\"2024-05-21T16:53:56.550\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\npowerpc/64s: fix program check interrupt emergency stack path\\n\\nEmergency stack path was jumping into a 3: label inside the\\n__GEN_COMMON_BODY macro for the normal path after it had finished,\\nrather than jumping over it. By a small miracle this is the correct\\nplace to build up a new interrupt frame with the existing stack\\npointer, so things basically worked okay with an added weird looking\\n700 trap frame on top (which had the wrong -\u003enip so it didn\u0027t decode\\nbug messages either).\\n\\nFix this by avoiding using numeric labels when jumping over non-trivial\\nmacros.\\n\\nBefore:\\n\\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV\\n Modules linked in:\\n CPU: 0 PID: 88 Comm: sh Not tainted 5.15.0-rc2-00034-ge057cdade6e5 #2637\\n NIP:  7265677368657265 LR: c00000000006c0c8 CTR: c0000000000097f0\\n REGS: c0000000fffb3a50 TRAP: 0700   Not tainted\\n MSR:  9000000000021031 \u003cSF,HV,ME,IR,DR,LE\u003e  CR: 00000700  XER: 20040000\\n CFAR: c0000000000098b0 IRQMASK: 0\\n GPR00: c00000000006c964 c0000000fffb3cf0 c000000001513800 0000000000000000\\n GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299\\n GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8\\n GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 0000000000000001\\n GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8\\n GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158\\n GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300\\n GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80\\n NIP [7265677368657265] 0x7265677368657265\\n LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10\\n Call Trace:\\n [c0000000fffb3cf0] [c00000000000bdac] soft_nmi_common+0x13c/0x1d0 (unreliable)\\n --- interrupt: 700 at decrementer_common_virt+0xb8/0x230\\n NIP:  c0000000000098b8 LR: c00000000006c0c8 CTR: c0000000000097f0\\n REGS: c0000000fffb3d60 TRAP: 0700   Not tainted\\n MSR:  9000000000021031 \u003cSF,HV,ME,IR,DR,LE\u003e  CR: 22424282  XER: 20040000\\n CFAR: c0000000000098b0 IRQMASK: 0\\n GPR00: c00000000006c964 0000000000002400 c000000001513800 0000000000000000\\n GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299\\n GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8\\n GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 0000000000000001\\n GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8\\n GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158\\n GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300\\n GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80\\n NIP [c0000000000098b8] decrementer_common_virt+0xb8/0x230\\n LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10\\n --- interrupt: 700\\n Instruction dump:\\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\\n ---[ end trace 6d28218e0cc3c949 ]---\\n\\nAfter:\\n\\n ------------[ cut here ]------------\\n kernel BUG at arch/powerpc/kernel/exceptions-64s.S:491!\\n Oops: Exception in kernel mode, sig: 5 [#1]\\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV\\n Modules linked in:\\n CPU: 0 PID: 88 Comm: login Not tainted 5.15.0-rc2-00034-ge057cdade6e5-dirty #2638\\n NIP:  c0000000000098b8 LR: c00000000006bf04 CTR: c0000000000097f0\\n REGS: c0000000fffb3d60 TRAP: 0700   Not tainted\\n MSR:  9000000000021031 \u003cSF,HV,ME,IR,DR,LE\u003e  CR: 24482227  XER: 00040000\\n CFAR: c0000000000098b0 IRQMASK: 0\\n GPR00: c00000000006bf04 0000000000002400 c000000001513800 c000000001271868\\n GPR04: 00000000100f0d29 0000000042000000 0000000000000007 0000000000000009\\n GPR08: 00000000100f0d29 0000000024482227 0000000000002710 c000000000181b3c\\n GPR12: 9000000000009033 c0000000016b0000 00000000100f0d29 c000000005b22f00\\n GPR16: 00000000ffff0000 0000000000000001 0000000000000009 00000000100eed90\\n GPR20: 00000000100eed90 00000\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: powerpc/64s: programa de reparaci\u00f3n, verificaci\u00f3n, interrupci\u00f3n, ruta de pila de emergencia. La ruta de pila de emergencia saltaba a una etiqueta 3: dentro de la macro __GEN_COMMON_BODY para la ruta normal despu\u00e9s de haber terminado, en lugar de saltar por encima. \u00e9l. Por un peque\u00f1o milagro, este es el lugar correcto para construir un nuevo marco de interrupci\u00f3n con el puntero de pila existente, por lo que las cosas b\u00e1sicamente funcionaron bien con un marco de trampa 700 de aspecto extra\u00f1o agregado en la parte superior (que ten\u00eda el -\u0026gt;nip incorrecto, por lo que no decodificar mensajes de error tampoco). Solucione este problema evitando el uso de etiquetas num\u00e9ricas al saltar sobre macros no triviales. Antes: LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 M\u00f3dulos NUMA PowerNV vinculados en: CPU: 0 PID: 88 Comm: sh No contaminado 5.15.0-rc2-00034-ge057cdade6e5 #2637 NIP: 7265677368657265 LR c00000000 006c0c8 CTR: c0000000000097f0 REGS: c0000000fffb3a50 TRAP: 0700 No contaminado MSR: 9000000000021031  CR: 00000700 XER: 20040000 CFAR: c0000000000098b0 IRQMASK: 0 GPR00: 0000006c964 c0000000fffb3cf0 c000000001513800 0000000000000000 GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000 001299 GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8 GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 000 0000000000001 GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8 GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158 GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300 GPR28 c0000000012700 00 0000000042000000 0000000048ab0778 c000000080647e80 NIP [7265677368657265] 0x7265677368657265 LR [c00000000006c0c8] /0xb10 Seguimiento de llamadas : [c0000000fffb3cf0] [c00000000000bdac] soft_nmi_common+0x13c/0x1d0 (no confiable) --- interrupci\u00f3n: 700 en decrementer_common_virt+0xb8/0x230 NIP: c0000000000098b8 LR: c00000000006c0 c8 CTR: c0000000000097f0 REGS: c0000000fffb3d60 TRAP: 0700 MSR no contaminado: 9000000000021031  CR: 22424282 XER: 20040000 CFAR: c0000000000098b0 IRQMASK: 0 GPR00: c00000000006c964 0000000000002400 c000000001513800 00000000 00000000 GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299 GPR08: 000001e447c718ec 0000000022424282 00000002710 c00000000006bee8 GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 00000000000000001 GPR16: 0000000000000000 0000 000000000002 0000000000000000 0000000000000ff8 GPR20: 0000000000001fff 0000000000000007 00000000000000080 00007fff89d90158 GPR24: 000 0000000002000000 0000000000000255 0000000000000300 GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80 NIP [c0000000000098b8] decrementer_common_virt+0xb8/0x230 LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10 --- interrupci\u00f3n: 700 Volcado de instrucciones: XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX ---[ final de seguimiento 6d28218e0cc3c949 ]--- Despu\u00e9s: ------------[ cortar aqu\u00ed ]-------- ---- \u00a1ERROR del kernel en arch/powerpc/kernel/exceptions-64s.S:491! Vaya: Excepci\u00f3n en modo kernel, sign: 5 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 M\u00f3dulos NUMA PowerNV vinculados en: CPU: 0 PID: 88 Comm: iniciar sesi\u00f3n No est\u00e1 contaminado 5.15.0-rc2-00034- ge057cdade6e5-dirty #2638 NIP: c0000000000098b8 LR: c00000000006bf04 CTR: c0000000000097f0 REGS: c0000000fffb3d60 TRAP: 0700 No contaminado MSR: 90000000000210 31  CR: 24482227 XER: 00040000 CFAR: c0000000000098b0 IRQMASK: 0 GPR00: c00000000006bf04 0000000000002400 c000000001513800 c000000001271868 GPR04: 00000000100f0d29 0000000042000000 0000000000000 007 0000000000000009 GPR08: 00000000100f0d29 0000000024482227 0000000000002710 c000000000181b3c GPR12: 9000000000009033 c000000001 6b0000 00000000100f0d29 c000000005b22f00 GPR16: 00000000ffff0000 0000000000000001 ---truncado---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3e607dc4df180b72a38e75030cb0f94d12808712\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/411b38fe68ba20a8bbe724b0939762c3f16e16ca\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c835b3d1d6362b4a4ebb192da7e7fd27a0a45d01\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.