gsd-2021-47212
Vulnerability from gsd
Modified
2024-04-11 05:05
Details
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow, the device state is set to internal error, which indicates that the driver started the destroy process. In this case, when a destroy command is being executed, it should return MLX5_CMD_STAT_OK. Fix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK instead of EIO. This fixes a call trace in the umem release process - [ 2633.536695] Call Trace: [ 2633.537518] ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs] [ 2633.538596] remove_client_context+0x8b/0xd0 [ib_core] [ 2633.539641] disable_device+0x8c/0x130 [ib_core] [ 2633.540615] __ib_unregister_device+0x35/0xa0 [ib_core] [ 2633.541640] ib_unregister_device+0x21/0x30 [ib_core] [ 2633.542663] __mlx5_ib_remove+0x38/0x90 [mlx5_ib] [ 2633.543640] auxiliary_bus_remove+0x1e/0x30 [auxiliary] [ 2633.544661] device_release_driver_internal+0x103/0x1f0 [ 2633.545679] bus_remove_device+0xf7/0x170 [ 2633.546640] device_del+0x181/0x410 [ 2633.547606] mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core] [ 2633.548777] mlx5_unregister_device+0x27/0x40 [mlx5_core] [ 2633.549841] mlx5_uninit_one+0x21/0xc0 [mlx5_core] [ 2633.550864] remove_one+0x69/0xe0 [mlx5_core] [ 2633.551819] pci_device_remove+0x3b/0xc0 [ 2633.552731] device_release_driver_internal+0x103/0x1f0 [ 2633.553746] unbind_store+0xf6/0x130 [ 2633.554657] kernfs_fop_write+0x116/0x190 [ 2633.555567] vfs_write+0xa5/0x1a0 [ 2633.556407] ksys_write+0x4f/0xb0 [ 2633.557233] do_syscall_64+0x5b/0x1a0 [ 2633.558071] entry_SYSCALL_64_after_hwframe+0x65/0xca [ 2633.559018] RIP: 0033:0x7f9977132648 [ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55 [ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648 [ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001 [ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740 [ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0 [ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c [ 2633.568725] ---[ end trace 10b4fe52945e544d ]---
Aliases



{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-47212"
      ],
      "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Update error handler for UCTX and UMEM\n\nIn the fast unload flow, the device state is set to internal error,\nwhich indicates that the driver started the destroy process.\nIn this case, when a destroy command is being executed, it should return\nMLX5_CMD_STAT_OK.\nFix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK\ninstead of EIO.\n\nThis fixes a call trace in the umem release process -\n[ 2633.536695] Call Trace:\n[ 2633.537518]  ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs]\n[ 2633.538596]  remove_client_context+0x8b/0xd0 [ib_core]\n[ 2633.539641]  disable_device+0x8c/0x130 [ib_core]\n[ 2633.540615]  __ib_unregister_device+0x35/0xa0 [ib_core]\n[ 2633.541640]  ib_unregister_device+0x21/0x30 [ib_core]\n[ 2633.542663]  __mlx5_ib_remove+0x38/0x90 [mlx5_ib]\n[ 2633.543640]  auxiliary_bus_remove+0x1e/0x30 [auxiliary]\n[ 2633.544661]  device_release_driver_internal+0x103/0x1f0\n[ 2633.545679]  bus_remove_device+0xf7/0x170\n[ 2633.546640]  device_del+0x181/0x410\n[ 2633.547606]  mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core]\n[ 2633.548777]  mlx5_unregister_device+0x27/0x40 [mlx5_core]\n[ 2633.549841]  mlx5_uninit_one+0x21/0xc0 [mlx5_core]\n[ 2633.550864]  remove_one+0x69/0xe0 [mlx5_core]\n[ 2633.551819]  pci_device_remove+0x3b/0xc0\n[ 2633.552731]  device_release_driver_internal+0x103/0x1f0\n[ 2633.553746]  unbind_store+0xf6/0x130\n[ 2633.554657]  kernfs_fop_write+0x116/0x190\n[ 2633.555567]  vfs_write+0xa5/0x1a0\n[ 2633.556407]  ksys_write+0x4f/0xb0\n[ 2633.557233]  do_syscall_64+0x5b/0x1a0\n[ 2633.558071]  entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 2633.559018] RIP: 0033:0x7f9977132648\n[ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55\n[ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648\n[ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001\n[ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740\n[ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0\n[ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c\n[ 2633.568725] ---[ end trace 10b4fe52945e544d ]---",
      "id": "GSD-2021-47212",
      "modified": "2024-04-11T05:05:09.607738Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@kernel.org",
        "ID": "CVE-2021-47212",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6a6fabbfa3e8",
                          "version_value": "a51a6da375d8"
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "5.2"
                              },
                              {
                                "lessThan": "5.2",
                                "status": "unaffected",
                                "version": "0",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.15.*",
                                "status": "unaffected",
                                "version": "5.15.5",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "*",
                                "status": "unaffected",
                                "version": "5.16",
                                "versionType": "original_commit_for_fix"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Linux"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Update error handler for UCTX and UMEM\n\nIn the fast unload flow, the device state is set to internal error,\nwhich indicates that the driver started the destroy process.\nIn this case, when a destroy command is being executed, it should return\nMLX5_CMD_STAT_OK.\nFix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK\ninstead of EIO.\n\nThis fixes a call trace in the umem release process -\n[ 2633.536695] Call Trace:\n[ 2633.537518]  ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs]\n[ 2633.538596]  remove_client_context+0x8b/0xd0 [ib_core]\n[ 2633.539641]  disable_device+0x8c/0x130 [ib_core]\n[ 2633.540615]  __ib_unregister_device+0x35/0xa0 [ib_core]\n[ 2633.541640]  ib_unregister_device+0x21/0x30 [ib_core]\n[ 2633.542663]  __mlx5_ib_remove+0x38/0x90 [mlx5_ib]\n[ 2633.543640]  auxiliary_bus_remove+0x1e/0x30 [auxiliary]\n[ 2633.544661]  device_release_driver_internal+0x103/0x1f0\n[ 2633.545679]  bus_remove_device+0xf7/0x170\n[ 2633.546640]  device_del+0x181/0x410\n[ 2633.547606]  mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core]\n[ 2633.548777]  mlx5_unregister_device+0x27/0x40 [mlx5_core]\n[ 2633.549841]  mlx5_uninit_one+0x21/0xc0 [mlx5_core]\n[ 2633.550864]  remove_one+0x69/0xe0 [mlx5_core]\n[ 2633.551819]  pci_device_remove+0x3b/0xc0\n[ 2633.552731]  device_release_driver_internal+0x103/0x1f0\n[ 2633.553746]  unbind_store+0xf6/0x130\n[ 2633.554657]  kernfs_fop_write+0x116/0x190\n[ 2633.555567]  vfs_write+0xa5/0x1a0\n[ 2633.556407]  ksys_write+0x4f/0xb0\n[ 2633.557233]  do_syscall_64+0x5b/0x1a0\n[ 2633.558071]  entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 2633.559018] RIP: 0033:0x7f9977132648\n[ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55\n[ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648\n[ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001\n[ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740\n[ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0\n[ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c\n[ 2633.568725] ---[ end trace 10b4fe52945e544d ]---"
          }
        ]
      },
      "generator": {
        "engine": "bippy-d175d3acf727"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.kernel.org/stable/c/a51a6da375d82aed5c8f83abd13e7d060421bd48",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/a51a6da375d82aed5c8f83abd13e7d060421bd48"
          },
          {
            "name": "https://git.kernel.org/stable/c/ba50cd9451f6c49cf0841c0a4a146ff6a2822699",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/ba50cd9451f6c49cf0841c0a4a146ff6a2822699"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Update error handler for UCTX and UMEM\n\nIn the fast unload flow, the device state is set to internal error,\nwhich indicates that the driver started the destroy process.\nIn this case, when a destroy command is being executed, it should return\nMLX5_CMD_STAT_OK.\nFix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK\ninstead of EIO.\n\nThis fixes a call trace in the umem release process -\n[ 2633.536695] Call Trace:\n[ 2633.537518]  ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs]\n[ 2633.538596]  remove_client_context+0x8b/0xd0 [ib_core]\n[ 2633.539641]  disable_device+0x8c/0x130 [ib_core]\n[ 2633.540615]  __ib_unregister_device+0x35/0xa0 [ib_core]\n[ 2633.541640]  ib_unregister_device+0x21/0x30 [ib_core]\n[ 2633.542663]  __mlx5_ib_remove+0x38/0x90 [mlx5_ib]\n[ 2633.543640]  auxiliary_bus_remove+0x1e/0x30 [auxiliary]\n[ 2633.544661]  device_release_driver_internal+0x103/0x1f0\n[ 2633.545679]  bus_remove_device+0xf7/0x170\n[ 2633.546640]  device_del+0x181/0x410\n[ 2633.547606]  mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core]\n[ 2633.548777]  mlx5_unregister_device+0x27/0x40 [mlx5_core]\n[ 2633.549841]  mlx5_uninit_one+0x21/0xc0 [mlx5_core]\n[ 2633.550864]  remove_one+0x69/0xe0 [mlx5_core]\n[ 2633.551819]  pci_device_remove+0x3b/0xc0\n[ 2633.552731]  device_release_driver_internal+0x103/0x1f0\n[ 2633.553746]  unbind_store+0xf6/0x130\n[ 2633.554657]  kernfs_fop_write+0x116/0x190\n[ 2633.555567]  vfs_write+0xa5/0x1a0\n[ 2633.556407]  ksys_write+0x4f/0xb0\n[ 2633.557233]  do_syscall_64+0x5b/0x1a0\n[ 2633.558071]  entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 2633.559018] RIP: 0033:0x7f9977132648\n[ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55\n[ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648\n[ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001\n[ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740\n[ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0\n[ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c\n[ 2633.568725] ---[ end trace 10b4fe52945e544d ]---"
          }
        ],
        "id": "CVE-2021-47212",
        "lastModified": "2024-04-10T19:49:51.183",
        "metrics": {},
        "published": "2024-04-10T19:15:48.597",
        "references": [
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/a51a6da375d82aed5c8f83abd13e7d060421bd48"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/ba50cd9451f6c49cf0841c0a4a146ff6a2822699"
          }
        ],
        "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.