cve-2021-47512
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-08-04 05:39
Severity
Summary
net/sched: fq_pie: prevent dismantle issue
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:36:33.443173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:36:39.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:59.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a51edaf5cc563574878b93d7ef3d5955dda7030"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d86216dfda7c98375f809e26a30bfdaaba21d46e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61c2402665f1e10c5742033fce18392e369931d7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_fq_pie.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2a51edaf5cc5",
"status": "affected",
"version": "ec97ecf1ebe4",
"versionType": "git"
},
{
"lessThan": "d86216dfda7c",
"status": "affected",
"version": "ec97ecf1ebe4",
"versionType": "git"
},
{
"lessThan": "61c2402665f1",
"status": "affected",
"version": "ec97ecf1ebe4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_fq_pie.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.85",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: prevent dismantle issue\n\nFor some reason, fq_pie_destroy() did not copy\nworking code from pie_destroy() and other qdiscs,\nthus causing elusive bug.\n\nBefore calling del_timer_sync(\u0026q-\u003eadapt_timer),\nwe need to ensure timer will not rearm itself.\n\nrcu: INFO: rcu_preempt self-detected stall on CPU\nrcu: 0-....: (4416 ticks this GP) idle=60d/1/0x4000000000000000 softirq=10433/10434 fqs=2579\n (t=10501 jiffies g=13085 q=3989)\nNMI backtrace for cpu 0\nCPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 5.16.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111\n nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62\n trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]\n rcu_dump_cpu_stacks+0x25e/0x3f0 kernel/rcu/tree_stall.h:343\n print_cpu_stall kernel/rcu/tree_stall.h:627 [inline]\n check_cpu_stall kernel/rcu/tree_stall.h:711 [inline]\n rcu_pending kernel/rcu/tree.c:3878 [inline]\n rcu_sched_clock_irq.cold+0x9d/0x746 kernel/rcu/tree.c:2597\n update_process_times+0x16d/0x200 kernel/time/timer.c:1785\n tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226\n tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1428\n __run_hrtimer kernel/time/hrtimer.c:1685 [inline]\n __hrtimer_run_queues+0x1c0/0xe50 kernel/time/hrtimer.c:1749\n hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811\n local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]\n __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1103\n sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1097\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638\nRIP: 0010:write_comp_data kernel/kcov.c:221 [inline]\nRIP: 0010:__sanitizer_cov_trace_const_cmp1+0x1d/0x80 kernel/kcov.c:273\nCode: 54 c8 20 48 89 10 c3 66 0f 1f 44 00 00 53 41 89 fb 41 89 f1 bf 03 00 00 00 65 48 8b 0c 25 40 70 02 00 48 89 ce 4c 8b 54 24 08 \u003ce8\u003e 4e f7 ff ff 84 c0 74 51 48 8b 81 88 15 00 00 44 8b 81 84 15 00\nRSP: 0018:ffffc90000d27b28 EFLAGS: 00000246\nRAX: 0000000000000000 RBX: ffff888064bf1bf0 RCX: ffff888011928000\nRDX: ffff888011928000 RSI: ffff888011928000 RDI: 0000000000000003\nRBP: ffff888064bf1c28 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffffff875d8295 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff8880783dd300 R14: 0000000000000000 R15: 0000000000000000\n pie_calculate_probability+0x405/0x7c0 net/sched/sch_pie.c:418\n fq_pie_timer+0x170/0x2a0 net/sched/sch_fq_pie.c:383\n call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421\n expire_timers kernel/time/timer.c:1466 [inline]\n __run_timers.part.0+0x675/0xa20 kernel/time/timer.c:1734\n __run_timers kernel/time/timer.c:1715 [inline]\n run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747\n __do_softirq+0x29b/0x9c2 kernel/softirq.c:558\n run_ksoftirqd kernel/softirq.c:921 [inline]\n run_ksoftirqd+0x2d/0x60 kernel/softirq.c:913\n smpboot_thread_fn+0x645/0x9c0 kernel/smpboot.c:164\n kthread+0x405/0x4f0 kernel/kthread.c:327\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:09:15.094Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2a51edaf5cc563574878b93d7ef3d5955dda7030"
},
{
"url": "https://git.kernel.org/stable/c/d86216dfda7c98375f809e26a30bfdaaba21d46e"
},
{
"url": "https://git.kernel.org/stable/c/61c2402665f1e10c5742033fce18392e369931d7"
}
],
"title": "net/sched: fq_pie: prevent dismantle issue",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47512",
"datePublished": "2024-05-24T15:09:27.356Z",
"dateReserved": "2024-05-24T15:02:54.824Z",
"dateUpdated": "2024-08-04T05:39:59.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-47512\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-24T15:15:12.487\",\"lastModified\":\"2024-05-24T18:09:20.027\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/sched: fq_pie: prevent dismantle issue\\n\\nFor some reason, fq_pie_destroy() did not copy\\nworking code from pie_destroy() and other qdiscs,\\nthus causing elusive bug.\\n\\nBefore calling del_timer_sync(\u0026q-\u003eadapt_timer),\\nwe need to ensure timer will not rearm itself.\\n\\nrcu: INFO: rcu_preempt self-detected stall on CPU\\nrcu: 0-....: (4416 ticks this GP) idle=60d/1/0x4000000000000000 softirq=10433/10434 fqs=2579\\n (t=10501 jiffies g=13085 q=3989)\\nNMI backtrace for cpu 0\\nCPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 5.16.0-rc4-syzkaller #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\\nCall Trace:\\n \u003cIRQ\u003e\\n __dump_stack lib/dump_stack.c:88 [inline]\\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\\n nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111\\n nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62\\n trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]\\n rcu_dump_cpu_stacks+0x25e/0x3f0 kernel/rcu/tree_stall.h:343\\n print_cpu_stall kernel/rcu/tree_stall.h:627 [inline]\\n check_cpu_stall kernel/rcu/tree_stall.h:711 [inline]\\n rcu_pending kernel/rcu/tree.c:3878 [inline]\\n rcu_sched_clock_irq.cold+0x9d/0x746 kernel/rcu/tree.c:2597\\n update_process_times+0x16d/0x200 kernel/time/timer.c:1785\\n tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226\\n tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1428\\n __run_hrtimer kernel/time/hrtimer.c:1685 [inline]\\n __hrtimer_run_queues+0x1c0/0xe50 kernel/time/hrtimer.c:1749\\n hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811\\n local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]\\n __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1103\\n sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1097\\n \u003c/IRQ\u003e\\n \u003cTASK\u003e\\n asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638\\nRIP: 0010:write_comp_data kernel/kcov.c:221 [inline]\\nRIP: 0010:__sanitizer_cov_trace_const_cmp1+0x1d/0x80 kernel/kcov.c:273\\nCode: 54 c8 20 48 89 10 c3 66 0f 1f 44 00 00 53 41 89 fb 41 89 f1 bf 03 00 00 00 65 48 8b 0c 25 40 70 02 00 48 89 ce 4c 8b 54 24 08 \u003ce8\u003e 4e f7 ff ff 84 c0 74 51 48 8b 81 88 15 00 00 44 8b 81 84 15 00\\nRSP: 0018:ffffc90000d27b28 EFLAGS: 00000246\\nRAX: 0000000000000000 RBX: ffff888064bf1bf0 RCX: ffff888011928000\\nRDX: ffff888011928000 RSI: ffff888011928000 RDI: 0000000000000003\\nRBP: ffff888064bf1c28 R08: 0000000000000000 R09: 0000000000000000\\nR10: ffffffff875d8295 R11: 0000000000000000 R12: 0000000000000000\\nR13: ffff8880783dd300 R14: 0000000000000000 R15: 0000000000000000\\n pie_calculate_probability+0x405/0x7c0 net/sched/sch_pie.c:418\\n fq_pie_timer+0x170/0x2a0 net/sched/sch_fq_pie.c:383\\n call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421\\n expire_timers kernel/time/timer.c:1466 [inline]\\n __run_timers.part.0+0x675/0xa20 kernel/time/timer.c:1734\\n __run_timers kernel/time/timer.c:1715 [inline]\\n run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747\\n __do_softirq+0x29b/0x9c2 kernel/softirq.c:558\\n run_ksoftirqd kernel/softirq.c:921 [inline]\\n run_ksoftirqd+0x2d/0x60 kernel/softirq.c:913\\n smpboot_thread_fn+0x645/0x9c0 kernel/smpboot.c:164\\n kthread+0x405/0x4f0 kernel/kthread.c:327\\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295\\n \u003c/TASK\u003e\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/sched: fq_pie: previene el problema de desmantelamiento Por alguna raz\u00f3n, fq_pie_destroy() no copi\u00f3 el c\u00f3digo de trabajo de pie_destroy() y otras qdiscs, causando as\u00ed un error dif\u00edcil de alcanzar. Antes de llamar a del_timer_sync(\u0026amp;q-\u0026gt;adapt_timer), debemos asegurarnos de que el temporizador no se rearme solo. rcu: INFO: rcu_preempt se bloque\u00f3 autom\u00e1ticamente en la CPU rcu: 0-....: (4416 ticks this GP) idle=60d/1/0x4000000000000000 softirq=10433/10434 fqs=2579 (t=10501 jiffies g=13085 q=3989) NMI backtrace for cpu 0 CPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 5.16.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline] rcu_dump_cpu_stacks+0x25e/0x3f0 kernel/rcu/tree_stall.h:343 print_cpu_stall kernel/rcu/tree_stall.h:627 [inline] check_cpu_stall kernel/rcu/tree_stall.h:711 [inline] rcu_pending kernel/rcu/tree.c:3878 [inline] rcu_sched_clock_irq.cold+0x9d/0x746 kernel/rcu/tree.c:2597 update_process_times+0x16d/0x200 kernel/time/timer.c:1785 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226 tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1428 __run_hrtimer kernel/time/hrtimer.c:1685 [inline] __hrtimer_run_queues+0x1c0/0xe50 kernel/time/hrtimer.c:1749 hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline] __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1103 sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 RIP: 0010:write_comp_data kernel/kcov.c:221 [inline] RIP: 0010:__sanitizer_cov_trace_const_cmp1+0x1d/0x80 kernel/kcov.c:273 Code: 54 c8 20 48 89 10 c3 66 0f 1f 44 00 00 53 41 89 fb 41 89 f1 bf 03 00 00 00 65 48 8b 0c 25 40 70 02 00 48 89 ce 4c 8b 54 24 08 4e f7 ff ff 84 c0 74 51 48 8b 81 88 15 00 00 44 8b 81 84 15 00 RSP: 0018:ffffc90000d27b28 EFLAGS: 00000246 RAX: 0000000000000000 RBX: ffff888064bf1bf0 RCX: ffff888011928000 RDX: ffff888011928000 RSI: ffff888011928000 RDI: 0000000000000003 RBP: ffff888064bf1c28 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffff875d8295 R11: 0000000000000000 R12: 0000000000000000 R13: ffff8880783dd300 R14: 0000000000000000 R15: 0000000000000000 pie_calculate_probability+0x405/0x7c0 net/sched/sch_pie.c:418 fq_pie_timer+0x170/0x2a0 net/sched/sch_fq_pie.c:383 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421 expire_timers kernel/time/timer.c:1466 [inline] __run_timers.part.0+0x675/0xa20 kernel/time/timer.c:1734 __run_timers kernel/time/timer.c:1715 [inline] run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 run_ksoftirqd kernel/softirq.c:921 [inline] run_ksoftirqd+0x2d/0x60 kernel/softirq.c:913 smpboot_thread_fn+0x645/0x9c0 kernel/smpboot.c:164 kthread+0x405/0x4f0 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 \"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2a51edaf5cc563574878b93d7ef3d5955dda7030\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/61c2402665f1e10c5742033fce18392e369931d7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d86216dfda7c98375f809e26a30bfdaaba21d46e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...