{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47015", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-27T18:42:55.953Z", "datePublished": "2024-02-28T08:13:32.135Z", "dateUpdated": "2025-05-04T12:40:55.503Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:40:55.503Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix RX consumer index logic in the error path.\n\nIn bnxt_rx_pkt(), the RX buffers are expected to complete in order.\nIf the RX consumer index indicates an out of order buffer completion,\nit means we are hitting a hardware bug and the driver will abort all\nremaining RX packets and reset the RX ring. The RX consumer index\nthat we pass to bnxt_discard_rx() is not correct. We should be\npassing the current index (tmp_raw_cons) instead of the old index\n(raw_cons). This bug can cause us to be at the wrong index when\ntrying to abort the next RX packet. It can crash like this:\n\n #0 [ffff9bbcdf5c39a8] machine_kexec at ffffffff9b05e007\n #1 [ffff9bbcdf5c3a00] __crash_kexec at ffffffff9b111232\n #2 [ffff9bbcdf5c3ad0] panic at ffffffff9b07d61e\n #3 [ffff9bbcdf5c3b50] oops_end at ffffffff9b030978\n #4 [ffff9bbcdf5c3b78] no_context at ffffffff9b06aaf0\n #5 [ffff9bbcdf5c3bd8] __bad_area_nosemaphore at ffffffff9b06ae2e\n #6 [ffff9bbcdf5c3c28] bad_area_nosemaphore at ffffffff9b06af24\n #7 [ffff9bbcdf5c3c38] __do_page_fault at ffffffff9b06b67e\n #8 [ffff9bbcdf5c3cb0] do_page_fault at ffffffff9b06bb12\n #9 [ffff9bbcdf5c3ce0] page_fault at ffffffff9bc015c5\n [exception RIP: bnxt_rx_pkt+237]\n RIP: ffffffffc0259cdd RSP: ffff9bbcdf5c3d98 RFLAGS: 00010213\n RAX: 000000005dd8097f RBX: ffff9ba4cb11b7e0 RCX: ffffa923cf6e9000\n RDX: 0000000000000fff RSI: 0000000000000627 RDI: 0000000000001000\n RBP: ffff9bbcdf5c3e60 R8: 0000000000420003 R9: 000000000000020d\n R10: ffffa923cf6ec138 R11: ffff9bbcdf5c3e83 R12: ffff9ba4d6f928c0\n R13: ffff9ba4cac28080 R14: ffff9ba4cb11b7f0 R15: ffff9ba4d5a30000\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/broadcom/bnxt/bnxt.c"], "versions": [{"version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "lessThan": "b1523e4ba293b2a32d9fabaf70c1dcaa6e3e2847", "status": "affected", "versionType": "git"}, {"version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "lessThan": "4fcaad2b7dac3f16704f8118c7e481024ddbd3ed", "status": "affected", "versionType": "git"}, {"version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "lessThan": "e187ef83c04a5d23e68d39cfdff1a1931e29890c", "status": "affected", "versionType": "git"}, {"version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "lessThan": "3fbc5bc651d688fbea2a59cdc91520a2f5334d0a", "status": "affected", "versionType": "git"}, {"version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "lessThan": "bbd6f0a948139970f4a615dff189d9a503681a39", "status": "affected", "versionType": "git"}, {"version": "8e302e8e10b05165ed21273539a1e6a83ab93e9e", "status": "affected", "versionType": "git"}, {"version": "46281ee85b651b0df686001651b965d17b8e2c67", "status": "affected", "versionType": "git"}, {"version": "d2d055a554036b0240f296743942b8111fd4ce97", "status": "affected", "versionType": "git"}, {"version": "aecbbae850ede49183fa0b73c7445531a47669cf", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/broadcom/bnxt/bnxt.c"], "versions": [{"version": "5.1", "status": "affected"}, {"version": "0", "lessThan": "5.1", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.119", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.37", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.21", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.4", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "5.4.119"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "5.10.37"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "5.11.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "5.12.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "5.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.169"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.112"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b1523e4ba293b2a32d9fabaf70c1dcaa6e3e2847"}, {"url": "https://git.kernel.org/stable/c/4fcaad2b7dac3f16704f8118c7e481024ddbd3ed"}, {"url": "https://git.kernel.org/stable/c/e187ef83c04a5d23e68d39cfdff1a1931e29890c"}, {"url": "https://git.kernel.org/stable/c/3fbc5bc651d688fbea2a59cdc91520a2f5334d0a"}, {"url": "https://git.kernel.org/stable/c/bbd6f0a948139970f4a615dff189d9a503681a39"}], "title": "bnxt_en: Fix RX consumer index logic in the error path.", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47015", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T19:16:01.961678Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:14:23.299Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.682Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b1523e4ba293b2a32d9fabaf70c1dcaa6e3e2847", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4fcaad2b7dac3f16704f8118c7e481024ddbd3ed", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e187ef83c04a5d23e68d39cfdff1a1931e29890c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3fbc5bc651d688fbea2a59cdc91520a2f5334d0a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bbd6f0a948139970f4a615dff189d9a503681a39", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b1523e4ba293b2a32d9fabaf70c1dcaa6e3e2847", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4fcaad2b7dac3f16704f8118c7e481024ddbd3ed", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e187ef83c04a5d23e68d39cfdff1a1931e29890c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3fbc5bc651d688fbea2a59cdc91520a2f5334d0a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bbd6f0a948139970f4a615dff189d9a503681a39", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.682Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47015", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T19:16:01.961678Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:13.657Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "bnxt_en: Fix RX consumer index logic in the error path.", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "lessThan": "b1523e4ba293b2a32d9fabaf70c1dcaa6e3e2847", "versionType": "git"}, {"status": "affected", "version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "lessThan": "4fcaad2b7dac3f16704f8118c7e481024ddbd3ed", "versionType": "git"}, {"status": "affected", "version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "lessThan": "e187ef83c04a5d23e68d39cfdff1a1931e29890c", "versionType": "git"}, {"status": "affected", "version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "lessThan": "3fbc5bc651d688fbea2a59cdc91520a2f5334d0a", "versionType": "git"}, {"status": "affected", "version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "lessThan": "bbd6f0a948139970f4a615dff189d9a503681a39", "versionType": "git"}, {"status": "affected", "version": "8e302e8e10b05165ed21273539a1e6a83ab93e9e", "versionType": "git"}, {"status": "affected", "version": "46281ee85b651b0df686001651b965d17b8e2c67", "versionType": "git"}, {"status": "affected", "version": "d2d055a554036b0240f296743942b8111fd4ce97", "versionType": "git"}, {"status": "affected", "version": "aecbbae850ede49183fa0b73c7445531a47669cf", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/broadcom/bnxt/bnxt.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.1"}, {"status": "unaffected", "version": "0", "lessThan": "5.1", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.119", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.37", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.21", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.4", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/broadcom/bnxt/bnxt.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b1523e4ba293b2a32d9fabaf70c1dcaa6e3e2847"}, {"url": "https://git.kernel.org/stable/c/4fcaad2b7dac3f16704f8118c7e481024ddbd3ed"}, {"url": "https://git.kernel.org/stable/c/e187ef83c04a5d23e68d39cfdff1a1931e29890c"}, {"url": "https://git.kernel.org/stable/c/3fbc5bc651d688fbea2a59cdc91520a2f5334d0a"}, {"url": "https://git.kernel.org/stable/c/bbd6f0a948139970f4a615dff189d9a503681a39"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix RX consumer index logic in the error path.\n\nIn bnxt_rx_pkt(), the RX buffers are expected to complete in order.\nIf the RX consumer index indicates an out of order buffer completion,\nit means we are hitting a hardware bug and the driver will abort all\nremaining RX packets and reset the RX ring. The RX consumer index\nthat we pass to bnxt_discard_rx() is not correct. We should be\npassing the current index (tmp_raw_cons) instead of the old index\n(raw_cons). This bug can cause us to be at the wrong index when\ntrying to abort the next RX packet. It can crash like this:\n\n #0 [ffff9bbcdf5c39a8] machine_kexec at ffffffff9b05e007\n #1 [ffff9bbcdf5c3a00] __crash_kexec at ffffffff9b111232\n #2 [ffff9bbcdf5c3ad0] panic at ffffffff9b07d61e\n #3 [ffff9bbcdf5c3b50] oops_end at ffffffff9b030978\n #4 [ffff9bbcdf5c3b78] no_context at ffffffff9b06aaf0\n #5 [ffff9bbcdf5c3bd8] __bad_area_nosemaphore at ffffffff9b06ae2e\n #6 [ffff9bbcdf5c3c28] bad_area_nosemaphore at ffffffff9b06af24\n #7 [ffff9bbcdf5c3c38] __do_page_fault at ffffffff9b06b67e\n #8 [ffff9bbcdf5c3cb0] do_page_fault at ffffffff9b06bb12\n #9 [ffff9bbcdf5c3ce0] page_fault at ffffffff9bc015c5\n [exception RIP: bnxt_rx_pkt+237]\n RIP: ffffffffc0259cdd RSP: ffff9bbcdf5c3d98 RFLAGS: 00010213\n RAX: 000000005dd8097f RBX: ffff9ba4cb11b7e0 RCX: ffffa923cf6e9000\n RDX: 0000000000000fff RSI: 0000000000000627 RDI: 0000000000001000\n RBP: ffff9bbcdf5c3e60 R8: 0000000000420003 R9: 000000000000020d\n R10: ffffa923cf6ec138 R11: ffff9bbcdf5c3e83 R12: ffff9ba4d6f928c0\n R13: ffff9ba4cac28080 R14: ffff9ba4cb11b7f0 R15: ffff9ba4d5a30000\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.119", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.37", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.11.21", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.12.4", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.13", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.9.169"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.14.112"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.19.35"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "5.0.8"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:40:55.503Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47015", "state": "PUBLISHED", "dateUpdated": "2025-05-04T12:40:55.503Z", "dateReserved": "2024-02-27T18:42:55.953Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-28T08:13:32.135Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CAD77FE-8526-497E-BC33-C8E0B087BFB9", "versionEndExcluding": "5.4.119", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A4CF5D6-ACBA-4980-ABFD-3D7A53B5BB4E", "versionEndExcluding": "5.10.37", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0", "versionEndExcluding": "5.11.21", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838", "versionEndExcluding": "5.12.4", "versionStartIncluding": "5.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix RX consumer index logic in the error path.\n\nIn bnxt_rx_pkt(), the RX buffers are expected to complete in order.\nIf the RX consumer index indicates an out of order buffer completion,\nit means we are hitting a hardware bug and the driver will abort all\nremaining RX packets and reset the RX ring. The RX consumer index\nthat we pass to bnxt_discard_rx() is not correct. We should be\npassing the current index (tmp_raw_cons) instead of the old index\n(raw_cons). This bug can cause us to be at the wrong index when\ntrying to abort the next RX packet. It can crash like this:\n\n #0 [ffff9bbcdf5c39a8] machine_kexec at ffffffff9b05e007\n #1 [ffff9bbcdf5c3a00] __crash_kexec at ffffffff9b111232\n #2 [ffff9bbcdf5c3ad0] panic at ffffffff9b07d61e\n #3 [ffff9bbcdf5c3b50] oops_end at ffffffff9b030978\n #4 [ffff9bbcdf5c3b78] no_context at ffffffff9b06aaf0\n #5 [ffff9bbcdf5c3bd8] __bad_area_nosemaphore at ffffffff9b06ae2e\n #6 [ffff9bbcdf5c3c28] bad_area_nosemaphore at ffffffff9b06af24\n #7 [ffff9bbcdf5c3c38] __do_page_fault at ffffffff9b06b67e\n #8 [ffff9bbcdf5c3cb0] do_page_fault at ffffffff9b06bb12\n #9 [ffff9bbcdf5c3ce0] page_fault at ffffffff9bc015c5\n [exception RIP: bnxt_rx_pkt+237]\n RIP: ffffffffc0259cdd RSP: ffff9bbcdf5c3d98 RFLAGS: 00010213\n RAX: 000000005dd8097f RBX: ffff9ba4cb11b7e0 RCX: ffffa923cf6e9000\n RDX: 0000000000000fff RSI: 0000000000000627 RDI: 0000000000001000\n RBP: ffff9bbcdf5c3e60 R8: 0000000000420003 R9: 000000000000020d\n R10: ffffa923cf6ec138 R11: ffff9bbcdf5c3e83 R12: ffff9ba4d6f928c0\n R13: ffff9ba4cac28080 R14: ffff9ba4cb11b7f0 R15: ffff9ba4d5a30000\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bnxt_en: corrige la l\u00f3gica del \u00edndice del consumidor RX en la ruta del error. En bnxt_rx_pkt(), se espera que los buffers RX se completen en orden. Si el \u00edndice del consumidor RX indica que el b\u00fafer est\u00e1 fuera de servicio, significa que estamos sufriendo un error de hardware y el controlador cancelar\u00e1 todos los paquetes RX restantes y restablecer\u00e1 el anillo RX. El \u00edndice de consumidores RX que pasamos a bnxt_discard_rx() no es correcto. Deber\u00edamos pasar el \u00edndice actual (tmp_raw_cons) en lugar del \u00edndice anterior (raw_cons). Este error puede hacer que estemos en el \u00edndice incorrecto al intentar abortar el siguiente paquete RX. Puede fallar as\u00ed: #0 [ffff9bbcdf5c39a8] machine_kexec en ffffffff9b05e007 #1 [ffff9bbcdf5c3a00] __crash_kexec en ffffffff9b111232 #2 [ffff9bbcdf5c3ad0] p\u00e1nico en ffffffff9b07d61e #3 [ffff9bbcdf5c3b50 ] oops_end en ffffffff9b030978 #4 [ffff9bbcdf5c3b78] no_context en ffffffff9b06aaf0 #5 [ffff9bbcdf5c3bd8 ] __bad_area_nosemaphore en ffffffff9b06ae2e #6 [ffff9bbcdf5c3c28] bad_area_nosemaphore en ffffffff9b06af24 #7 [ffff9bbcdf5c3c38] __do_page_fault en ffffffff9b06b67e #8 [ffff9bbcdf5c3cb0] do_page_fault en ffffffff9b06bb12 #9 [ffff9bbcdf5c3ce0] page_fault en ffffffff9bc015c5 [excepci\u00f3n RIP: bnxt_rx_pkt+237] RIP: ffffffffc0259cdd RSP: ffff9bbcdf5c3d98 RFLAGS: 00010213 RAX: 000000005dd8097f RBX: ffff9ba4cb11b7e0 RCX: ffffa923cf6e9000 RDX: 0000000000000fff RSI: 0000000000000627 RDI: 0000000000000100 0 RBP: ffff9bbcdf5c3e60 R8: 0000000000420003 R9: 000000000000020d R10: ffffa923cf6ec138 R11: ffff9bbcdf5c3e83 R12: ffff9ba4d6f928c0 R13: ffff9ba4cac28080 R14: ffff9ba4cb11b7f0 R15: ffff9ba4d5a30000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018"}], "id": "CVE-2021-47015", "lastModified": "2025-01-08T18:12:23.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-28T09:15:38.913", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3fbc5bc651d688fbea2a59cdc91520a2f5334d0a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4fcaad2b7dac3f16704f8118c7e481024ddbd3ed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b1523e4ba293b2a32d9fabaf70c1dcaa6e3e2847"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bbd6f0a948139970f4a615dff189d9a503681a39"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e187ef83c04a5d23e68d39cfdff1a1931e29890c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3fbc5bc651d688fbea2a59cdc91520a2f5334d0a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4fcaad2b7dac3f16704f8118c7e481024ddbd3ed"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b1523e4ba293b2a32d9fabaf70c1dcaa6e3e2847"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bbd6f0a948139970f4a615dff189d9a503681a39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e187ef83c04a5d23e68d39cfdff1a1931e29890c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: bnxt_en: Fix RX consumer index logic in the error path", "id": "2266760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266760"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-612", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbnxt_en: Fix RX consumer index logic in the error path.\nIn bnxt_rx_pkt(), the RX buffers are expected to complete in order.\nIf the RX consumer index indicates an out of order buffer completion,\nit means we are hitting a hardware bug and the driver will abort all\nremaining RX packets and reset the RX ring. The RX consumer index\nthat we pass to bnxt_discard_rx() is not correct. We should be\npassing the current index (tmp_raw_cons) instead of the old index\n(raw_cons). This bug can cause us to be at the wrong index when\ntrying to abort the next RX packet. It can crash like this:\n#0 [ffff9bbcdf5c39a8] machine_kexec at ffffffff9b05e007\n#1 [ffff9bbcdf5c3a00] __crash_kexec at ffffffff9b111232\n#2 [ffff9bbcdf5c3ad0] panic at ffffffff9b07d61e\n#3 [ffff9bbcdf5c3b50] oops_end at ffffffff9b030978\n#4 [ffff9bbcdf5c3b78] no_context at ffffffff9b06aaf0\n#5 [ffff9bbcdf5c3bd8] __bad_area_nosemaphore at ffffffff9b06ae2e\n#6 [ffff9bbcdf5c3c28] bad_area_nosemaphore at ffffffff9b06af24\n#7 [ffff9bbcdf5c3c38] __do_page_fault at ffffffff9b06b67e\n#8 [ffff9bbcdf5c3cb0] do_page_fault at ffffffff9b06bb12\n#9 [ffff9bbcdf5c3ce0] page_fault at ffffffff9bc015c5\n[exception RIP: bnxt_rx_pkt+237]\nRIP: ffffffffc0259cdd RSP: ffff9bbcdf5c3d98 RFLAGS: 00010213\nRAX: 000000005dd8097f RBX: ffff9ba4cb11b7e0 RCX: ffffa923cf6e9000\nRDX: 0000000000000fff RSI: 0000000000000627 RDI: 0000000000001000\nRBP: ffff9bbcdf5c3e60 R8: 0000000000420003 R9: 000000000000020d\nR10: ffffa923cf6ec138 R11: ffff9bbcdf5c3e83 R12: ffff9ba4d6f928c0\nR13: ffff9ba4cac28080 R14: ffff9ba4cb11b7f0 R15: ffff9ba4d5a30000\nORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018"], "name": "CVE-2021-47015", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47015\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47015\nhttps://lore.kernel.org/linux-cve-announce/2024022832-CVE-2021-47015-c2ae@gregkh/T/#u"], "threat_severity": "Low"}

{}