ghsa-wmrp-qwhx-cpwv
Vulnerability from github
Published
2024-06-19 15:30
Modified
2024-06-19 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

xen/netback: don't queue unlimited number of packages

In case a guest isn't consuming incoming network traffic as fast as it is coming in, xen-netback is buffering network packages in unlimited numbers today. This can result in host OOM situations.

Commit f48da8b14d04ca8 ("xen-netback: fix unlimited guest Rx internal queue and carrier flapping") meant to introduce a mechanism to limit the amount of buffered data by stopping the Tx queue when reaching the data limit, but this doesn't work for cases like UDP.

When hitting the limit don't queue further SKBs, but drop them instead. In order to be able to tell Rx packages have been dropped increment the rx_dropped statistics counter in this case.

It should be noted that the old solution to continue queueing SKBs had the additional problem of an overflow of the 32-bit rx_queue_len value would result in intermittent Tx queue enabling.

This is part of XSA-392

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2021-47581"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-19T15:15:52Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netback: don\u0027t queue unlimited number of packages\n\nIn case a guest isn\u0027t consuming incoming network traffic as fast as it\nis coming in, xen-netback is buffering network packages in unlimited\nnumbers today. This can result in host OOM situations.\n\nCommit f48da8b14d04ca8 (\"xen-netback: fix unlimited guest Rx internal\nqueue and carrier flapping\") meant to introduce a mechanism to limit\nthe amount of buffered data by stopping the Tx queue when reaching the\ndata limit, but this doesn\u0027t work for cases like UDP.\n\nWhen hitting the limit don\u0027t queue further SKBs, but drop them instead.\nIn order to be able to tell Rx packages have been dropped increment the\nrx_dropped statistics counter in this case.\n\nIt should be noted that the old solution to continue queueing SKBs had\nthe additional problem of an overflow of the 32-bit rx_queue_len value\nwould result in intermittent Tx queue enabling.\n\nThis is part of XSA-392",
  "id": "GHSA-wmrp-qwhx-cpwv",
  "modified": "2024-06-19T15:30:55Z",
  "published": "2024-06-19T15:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47581"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0928efb09178e01d3dc8e8849aa1c807436c3c37"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d99b3c6bd39a0a023e972d8f912fd47698bbbb8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88f20cccbeec9a5e83621df5cc2453b5081454dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9bebb2eedf679b3be4acaa20efda97f32c999d74"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4226b387436315e7f57465c15335f4f4b5b075d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd926d189210cd1d5b4e618e45898053be6b4b3b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be81992f9086b230623ae3ebbc85ecee4d00a3d3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c9f17e92917fd5786be872626a3928979ecc4c39"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.