github - ghsa-5c74-rw46-pr2c

ghsa-5c74-rw46-pr2c

Vulnerability from github

Published

2024-06-19 15:30

Modified

2024-06-19 15:30

Details

In the Linux kernel, the following vulnerability has been resolved:

io-wq: check for wq exit after adding new worker task_work

We check IO_WQ_BIT_EXIT before attempting to create a new worker, and wq exit cancels pending work if we have any. But it's possible to have a race between the two, where creation checks exit finding it not set, but we're in the process of exiting. The exit side will cancel pending creation task_work, but there's a gap where we add task_work after we've canceled existing creations at exit time.

Fix this by checking the EXIT bit post adding the creation task_work. If it's set, run the same cancelation that exit does.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47577"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-19T15:15:52Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio-wq: check for wq exit after adding new worker task_work\n\nWe check IO_WQ_BIT_EXIT before attempting to create a new worker, and\nwq exit cancels pending work if we have any. But it\u0027s possible to have\na race between the two, where creation checks exit finding it not set,\nbut we\u0027re in the process of exiting. The exit side will cancel pending\ncreation task_work, but there\u0027s a gap where we add task_work after we\u0027ve\ncanceled existing creations at exit time.\n\nFix this by checking the EXIT bit post adding the creation task_work.\nIf it\u0027s set, run the same cancelation that exit does.",
  "id": "GHSA-5c74-rw46-pr2c",
  "modified": "2024-06-19T15:30:54Z",
  "published": "2024-06-19T15:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47577"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/71a85387546e50b1a37b0fa45dadcae3bfb35cf6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2021-47577

Vulnerability from cvelistv5

Published

2024-06-19 14:53

Modified

2024-08-04 05:39

Severity

Summary

io-wq: check for wq exit after adding new worker task_work

References

URL	Tags
https://git.kernel.org/stable/c/4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ec
https://git.kernel.org/stable/c/71a85387546e50b1a37b0fa45dadcae3bfb35cf6

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47577",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T14:05:50.192086Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T14:06:00.767Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/71a85387546e50b1a37b0fa45dadcae3bfb35cf6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/io-wq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4b4e5bbf9386",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "71a85387546e",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/io-wq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.11",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio-wq: check for wq exit after adding new worker task_work\n\nWe check IO_WQ_BIT_EXIT before attempting to create a new worker, and\nwq exit cancels pending work if we have any. But it\u0027s possible to have\na race between the two, where creation checks exit finding it not set,\nbut we\u0027re in the process of exiting. The exit side will cancel pending\ncreation task_work, but there\u0027s a gap where we add task_work after we\u0027ve\ncanceled existing creations at exit time.\n\nFix this by checking the EXIT bit post adding the creation task_work.\nIf it\u0027s set, run the same cancelation that exit does."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-19T14:53:45.393Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/71a85387546e50b1a37b0fa45dadcae3bfb35cf6"
        }
      ],
      "title": "io-wq: check for wq exit after adding new worker task_work",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47577",
    "datePublished": "2024-06-19T14:53:45.393Z",
    "dateReserved": "2024-05-24T15:11:00.730Z",
    "dateUpdated": "2024-08-04T05:39:59.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.