CVE-2021-47283 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: net:sfc: fix non-freed irq in legacy irq mode SFC driver can be configured via modparam to work using MSI-X, MSI or legacy IRQ interrupts. In the last one, the interrupt was not properly released on module remove. It was not freed because the flag irqs_hooked was not set during initialization in the case of using legacy IRQ. Example of (trimmed) trace during module remove without this fix: remove_proc_entry: removing non-empty directory 'irq/125', leaking at least '0000:3b:00.1' WARNING: CPU: 39 PID: 3658 at fs/proc/generic.c:715 remove_proc_entry+0x15c/0x170 ...trimmed... Call Trace: unregister_irq_proc+0xe3/0x100 free_desc+0x29/0x70 irq_free_descs+0x47/0x70 mp_unmap_irq+0x58/0x60 acpi_unregister_gsi_ioapic+0x2a/0x40 acpi_pci_irq_disable+0x78/0xb0 pci_disable_device+0xd1/0x100 efx_pci_remove+0xa1/0x1e0 [sfc] pci_device_remove+0x38/0xa0 __device_release_driver+0x177/0x230 driver_detach+0xcb/0x110 bus_remove_driver+0x58/0xd0 pci_unregister_driver+0x2a/0xb0 efx_exit_module+0x24/0xf40 [sfc] __do_sys_delete_module.constprop.0+0x171/0x280 ? exit_to_user_mode_prepare+0x83/0x1d0 do_syscall_64+0x3d/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f9f9385800b ...trimmed...

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc5::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/81c4d1d83f88e15b26f4522a35cba6ffd8c5dfdd
https://git.kernel.org/stable/c/8d717c9135a3340ae62d1699484850bfb4112b0c
https://git.kernel.org/stable/c/8f03eeb6e0a0a0b8d617ee0a4bce729e47130036
https://lore.kernel.org/linux-cve-announce/2024052154-CVE-2021-47283-6ea6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47283
https://www.cve.org/CVERecord?id=CVE-2021-47283

History

Thu, 26 Dec 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-772
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc5::::::
Vendors & Products		Linux Linux linux Kernel

Fri, 06 Sep 2024 13:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401 CWE-404 CWE-665

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T14:20:08.828Z

Updated: 2024-12-19T07:38:58.137Z

Reserved: 2024-05-21T13:27:52.129Z

Link: CVE-2021-47283

Vulnrichment

Updated: 2024-08-04T05:32:08.013Z

NVD

Status : Analyzed

Published: 2024-05-21T15:15:16.503

Modified: 2024-12-26T20:49:20.487

Link: CVE-2021-47283

Redhat

Severity : Low

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47283 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object