{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47414", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:58:30.818Z", "datePublished": "2024-05-21T15:04:04.715Z", "dateUpdated": "2025-05-04T07:10:25.725Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:10:25.725Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Flush current cpu icache before other cpus\n\nOn SiFive Unmatched, I recently fell onto the following BUG when booting:\n\n[ 0.000000] ftrace: allocating 36610 entries in 144 pages\n[ 0.000000] Oops - illegal instruction [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.13.1+ #5\n[ 0.000000] Hardware name: SiFive HiFive Unmatched A00 (DT)\n[ 0.000000] epc : riscv_cpuid_to_hartid_mask+0x6/0xae\n[ 0.000000] ra : __sbi_rfence_v02+0xc8/0x10a\n[ 0.000000] epc : ffffffff80007240 ra : ffffffff80009964 sp : ffffffff81803e10\n[ 0.000000] gp : ffffffff81a1ea70 tp : ffffffff8180f500 t0 : ffffffe07fe30000\n[ 0.000000] t1 : 0000000000000004 t2 : 0000000000000000 s0 : ffffffff81803e60\n[ 0.000000] s1 : 0000000000000000 a0 : ffffffff81a22238 a1 : ffffffff81803e10\n[ 0.000000] a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000\n[ 0.000000] a5 : 0000000000000000 a6 : ffffffff8000989c a7 : 0000000052464e43\n[ 0.000000] s2 : ffffffff81a220c8 s3 : 0000000000000000 s4 : 0000000000000000\n[ 0.000000] s5 : 0000000000000000 s6 : 0000000200000100 s7 : 0000000000000001\n[ 0.000000] s8 : ffffffe07fe04040 s9 : ffffffff81a22c80 s10: 0000000000001000\n[ 0.000000] s11: 0000000000000004 t3 : 0000000000000001 t4 : 0000000000000008\n[ 0.000000] t5 : ffffffcf04000808 t6 : ffffffe3ffddf188\n[ 0.000000] status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000002\n[ 0.000000] [<ffffffff80007240>] riscv_cpuid_to_hartid_mask+0x6/0xae\n[ 0.000000] [<ffffffff80009474>] sbi_remote_fence_i+0x1e/0x26\n[ 0.000000] [<ffffffff8000b8f4>] flush_icache_all+0x12/0x1a\n[ 0.000000] [<ffffffff8000666c>] patch_text_nosync+0x26/0x32\n[ 0.000000] [<ffffffff8000884e>] ftrace_init_nop+0x52/0x8c\n[ 0.000000] [<ffffffff800f051e>] ftrace_process_locs.isra.0+0x29c/0x360\n[ 0.000000] [<ffffffff80a0e3c6>] ftrace_init+0x80/0x130\n[ 0.000000] [<ffffffff80a00f8c>] start_kernel+0x5c4/0x8f6\n[ 0.000000] ---[ end trace f67eb9af4d8d492b ]---\n[ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task!\n[ 0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---\n\nWhile ftrace is looping over a list of addresses to patch, it always failed\nwhen patching the same function: riscv_cpuid_to_hartid_mask. Looking at the\nbacktrace, the illegal instruction is encountered in this same function.\nHowever, patch_text_nosync, after patching the instructions, calls\nflush_icache_range. But looking at what happens in this function:\n\nflush_icache_range -> flush_icache_all\n -> sbi_remote_fence_i\n -> __sbi_rfence_v02\n -> riscv_cpuid_to_hartid_mask\n\nThe icache and dcache of the current cpu are never synchronized between the\npatching of riscv_cpuid_to_hartid_mask and calling this same function.\n\nSo fix this by flushing the current cpu's icache before asking for the other\ncpus to do the same."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/mm/cacheflush.c"], "versions": [{"version": "fab957c11efe2f405e08b9f0d080524bc2631428", "lessThan": "427faa29e06f0709476ea1bd59758f997ec8b64e", "status": "affected", "versionType": "git"}, {"version": "fab957c11efe2f405e08b9f0d080524bc2631428", "lessThan": "f1c7aa87c423e765e3862349c2f095fdfccdd9b3", "status": "affected", "versionType": "git"}, {"version": "fab957c11efe2f405e08b9f0d080524bc2631428", "lessThan": "bb8958d5dc79acbd071397abb57b8756375fe1ce", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/mm/cacheflush.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.73", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.14.12", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.10.73"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.14.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/427faa29e06f0709476ea1bd59758f997ec8b64e"}, {"url": "https://git.kernel.org/stable/c/f1c7aa87c423e765e3862349c2f095fdfccdd9b3"}, {"url": "https://git.kernel.org/stable/c/bb8958d5dc79acbd071397abb57b8756375fe1ce"}], "title": "riscv: Flush current cpu icache before other cpus", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47414", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T17:52:58.625321Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:13:41.022Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.118Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/427faa29e06f0709476ea1bd59758f997ec8b64e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f1c7aa87c423e765e3862349c2f095fdfccdd9b3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bb8958d5dc79acbd071397abb57b8756375fe1ce", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/427faa29e06f0709476ea1bd59758f997ec8b64e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f1c7aa87c423e765e3862349c2f095fdfccdd9b3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bb8958d5dc79acbd071397abb57b8756375fe1ce", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.118Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47414", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T17:52:58.625321Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T17:53:06.064Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "riscv: Flush current cpu icache before other cpus", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "fab957c11efe2f405e08b9f0d080524bc2631428", "lessThan": "427faa29e06f0709476ea1bd59758f997ec8b64e", "versionType": "git"}, {"status": "affected", "version": "fab957c11efe2f405e08b9f0d080524bc2631428", "lessThan": "f1c7aa87c423e765e3862349c2f095fdfccdd9b3", "versionType": "git"}, {"status": "affected", "version": "fab957c11efe2f405e08b9f0d080524bc2631428", "lessThan": "bb8958d5dc79acbd071397abb57b8756375fe1ce", "versionType": "git"}], "programFiles": ["arch/riscv/mm/cacheflush.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.15"}, {"status": "unaffected", "version": "0", "lessThan": "4.15", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.73", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.14.12", "versionType": "semver", "lessThanOrEqual": "5.14.*"}, {"status": "unaffected", "version": "5.15", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/riscv/mm/cacheflush.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/427faa29e06f0709476ea1bd59758f997ec8b64e"}, {"url": "https://git.kernel.org/stable/c/f1c7aa87c423e765e3862349c2f095fdfccdd9b3"}, {"url": "https://git.kernel.org/stable/c/bb8958d5dc79acbd071397abb57b8756375fe1ce"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Flush current cpu icache before other cpus\n\nOn SiFive Unmatched, I recently fell onto the following BUG when booting:\n\n[ 0.000000] ftrace: allocating 36610 entries in 144 pages\n[ 0.000000] Oops - illegal instruction [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.13.1+ #5\n[ 0.000000] Hardware name: SiFive HiFive Unmatched A00 (DT)\n[ 0.000000] epc : riscv_cpuid_to_hartid_mask+0x6/0xae\n[ 0.000000] ra : __sbi_rfence_v02+0xc8/0x10a\n[ 0.000000] epc : ffffffff80007240 ra : ffffffff80009964 sp : ffffffff81803e10\n[ 0.000000] gp : ffffffff81a1ea70 tp : ffffffff8180f500 t0 : ffffffe07fe30000\n[ 0.000000] t1 : 0000000000000004 t2 : 0000000000000000 s0 : ffffffff81803e60\n[ 0.000000] s1 : 0000000000000000 a0 : ffffffff81a22238 a1 : ffffffff81803e10\n[ 0.000000] a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000\n[ 0.000000] a5 : 0000000000000000 a6 : ffffffff8000989c a7 : 0000000052464e43\n[ 0.000000] s2 : ffffffff81a220c8 s3 : 0000000000000000 s4 : 0000000000000000\n[ 0.000000] s5 : 0000000000000000 s6 : 0000000200000100 s7 : 0000000000000001\n[ 0.000000] s8 : ffffffe07fe04040 s9 : ffffffff81a22c80 s10: 0000000000001000\n[ 0.000000] s11: 0000000000000004 t3 : 0000000000000001 t4 : 0000000000000008\n[ 0.000000] t5 : ffffffcf04000808 t6 : ffffffe3ffddf188\n[ 0.000000] status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000002\n[ 0.000000] [<ffffffff80007240>] riscv_cpuid_to_hartid_mask+0x6/0xae\n[ 0.000000] [<ffffffff80009474>] sbi_remote_fence_i+0x1e/0x26\n[ 0.000000] [<ffffffff8000b8f4>] flush_icache_all+0x12/0x1a\n[ 0.000000] [<ffffffff8000666c>] patch_text_nosync+0x26/0x32\n[ 0.000000] [<ffffffff8000884e>] ftrace_init_nop+0x52/0x8c\n[ 0.000000] [<ffffffff800f051e>] ftrace_process_locs.isra.0+0x29c/0x360\n[ 0.000000] [<ffffffff80a0e3c6>] ftrace_init+0x80/0x130\n[ 0.000000] [<ffffffff80a00f8c>] start_kernel+0x5c4/0x8f6\n[ 0.000000] ---[ end trace f67eb9af4d8d492b ]---\n[ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task!\n[ 0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---\n\nWhile ftrace is looping over a list of addresses to patch, it always failed\nwhen patching the same function: riscv_cpuid_to_hartid_mask. Looking at the\nbacktrace, the illegal instruction is encountered in this same function.\nHowever, patch_text_nosync, after patching the instructions, calls\nflush_icache_range. But looking at what happens in this function:\n\nflush_icache_range -> flush_icache_all\n -> sbi_remote_fence_i\n -> __sbi_rfence_v02\n -> riscv_cpuid_to_hartid_mask\n\nThe icache and dcache of the current cpu are never synchronized between the\npatching of riscv_cpuid_to_hartid_mask and calling this same function.\n\nSo fix this by flushing the current cpu's icache before asking for the other\ncpus to do the same."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.73", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.14.12", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15", "versionStartIncluding": "4.15"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:10:25.725Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47414", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:10:25.725Z", "dateReserved": "2024-05-21T14:58:30.818Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:04:04.715Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AC43F41-99BA-4300-9658-77169F6C46FE", "versionEndExcluding": "5.10.73", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20EB962C-32DC-448F-A900-BCF9A726F9EB", "versionEndExcluding": "5.14.12", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*", "matchCriteriaId": "AF55383D-4DF2-45DC-93F7-571F4F978EAB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Flush current cpu icache before other cpus\n\nOn SiFive Unmatched, I recently fell onto the following BUG when booting:\n\n[ 0.000000] ftrace: allocating 36610 entries in 144 pages\n[ 0.000000] Oops - illegal instruction [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.13.1+ #5\n[ 0.000000] Hardware name: SiFive HiFive Unmatched A00 (DT)\n[ 0.000000] epc : riscv_cpuid_to_hartid_mask+0x6/0xae\n[ 0.000000] ra : __sbi_rfence_v02+0xc8/0x10a\n[ 0.000000] epc : ffffffff80007240 ra : ffffffff80009964 sp : ffffffff81803e10\n[ 0.000000] gp : ffffffff81a1ea70 tp : ffffffff8180f500 t0 : ffffffe07fe30000\n[ 0.000000] t1 : 0000000000000004 t2 : 0000000000000000 s0 : ffffffff81803e60\n[ 0.000000] s1 : 0000000000000000 a0 : ffffffff81a22238 a1 : ffffffff81803e10\n[ 0.000000] a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000\n[ 0.000000] a5 : 0000000000000000 a6 : ffffffff8000989c a7 : 0000000052464e43\n[ 0.000000] s2 : ffffffff81a220c8 s3 : 0000000000000000 s4 : 0000000000000000\n[ 0.000000] s5 : 0000000000000000 s6 : 0000000200000100 s7 : 0000000000000001\n[ 0.000000] s8 : ffffffe07fe04040 s9 : ffffffff81a22c80 s10: 0000000000001000\n[ 0.000000] s11: 0000000000000004 t3 : 0000000000000001 t4 : 0000000000000008\n[ 0.000000] t5 : ffffffcf04000808 t6 : ffffffe3ffddf188\n[ 0.000000] status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000002\n[ 0.000000] [<ffffffff80007240>] riscv_cpuid_to_hartid_mask+0x6/0xae\n[ 0.000000] [<ffffffff80009474>] sbi_remote_fence_i+0x1e/0x26\n[ 0.000000] [<ffffffff8000b8f4>] flush_icache_all+0x12/0x1a\n[ 0.000000] [<ffffffff8000666c>] patch_text_nosync+0x26/0x32\n[ 0.000000] [<ffffffff8000884e>] ftrace_init_nop+0x52/0x8c\n[ 0.000000] [<ffffffff800f051e>] ftrace_process_locs.isra.0+0x29c/0x360\n[ 0.000000] [<ffffffff80a0e3c6>] ftrace_init+0x80/0x130\n[ 0.000000] [<ffffffff80a00f8c>] start_kernel+0x5c4/0x8f6\n[ 0.000000] ---[ end trace f67eb9af4d8d492b ]---\n[ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task!\n[ 0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---\n\nWhile ftrace is looping over a list of addresses to patch, it always failed\nwhen patching the same function: riscv_cpuid_to_hartid_mask. Looking at the\nbacktrace, the illegal instruction is encountered in this same function.\nHowever, patch_text_nosync, after patching the instructions, calls\nflush_icache_range. But looking at what happens in this function:\n\nflush_icache_range -> flush_icache_all\n -> sbi_remote_fence_i\n -> __sbi_rfence_v02\n -> riscv_cpuid_to_hartid_mask\n\nThe icache and dcache of the current cpu are never synchronized between the\npatching of riscv_cpuid_to_hartid_mask and calling this same function.\n\nSo fix this by flushing the current cpu's icache before asking for the other\ncpus to do the same."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: riscv: vaciar el icache de la CPU actual antes que otras CPU. En SiFive Unmatched, recientemente encontr\u00e9 el siguiente BUGal arrancar: [0.000000] ftrace: asignar 36610 entradas en 144 p\u00e1ginas [0.000000] Ups - instrucci\u00f3n ilegal [#1] [ 0.000000] M\u00f3dulos vinculados en: [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.13.1+ #5 [ 0.000000] Nombre del hardware: SiFive HiFive Unmatched A00 (DT) [ 0.000000] epc: riscv_cpuid_to_hartid_mask+0x6/0xae [ 0.000000] ra : __sbi_rfence_v02+0xc8/0x10a [ 0.000000] epc : ffffffff80007240 ra : ffffffff80009964 sp : ffffffff81803e10 [ 0 .000000] gp : ffffffff81a1ea70 tp : ffffffff8180f500 t0 : ffffffe07fe30000 [ 0.000000] t1 : 00000000000000004 t2 : 00000000000000000 s0: ffffffff81803e60 [0.000000] s1: 0000000000000000 a0: ffffffff81a22238 a1: ffffffff81803e10 [0.000000] a2: 000000000000000 a3: 0000000 000000000 a4: 0000000000000000 [0.000000] a5: 0000000000000000 a6: ffffffff8000989c a7: 0000000052464e43 [0.000000] s2: ffffffff81a220c8 s3: 0000000000000000 s4: 0000000000000000 [ 0.000000] s5 : 0000000000000000 s6 : 0000000200000100 s7 : 0000000000000001 [ 0.000000] s8 : ffffffe07fe04040 s9 : ffffffff81a22c80 s10: 0000000000001000 [0.000000] s11: 0000000000000004 t3: 0000000000000001 t4: 0000000000000008 [0.000000] t5: ffcf04000808 t6: ffffffe3ffddf188 [0.000000] estado : 0000000200000100 badaddr: 0000000000000000 causa: 0000000000000002 [ 0.000000] [] riscv_cpuid_to_hartid_mask+0x6/0xae [ 0.000000] ffffffff80009474&gt;] sbi_remote_fence_i+0x1e/0x26 [ 0.000000] [] Flush_icache_all+0x12/0x1a [ 0.000000] [] patch_text_nosync+0x26/0x32 [ 0.000000] [] ftrace_init_nop+0x52/0x8c [ 0.000000] [] ftrace_process_locs.isra.0+0x29c/ 0x360 [ 0.000000] [] ftrace_init+ 0x80/0x130 [ 0.000000] [] start_kernel+0x5c4/0x8f6 [ 0.000000] ---[ end trace f67eb9af4d8d492b ]--- [ 0.000000] P\u00e1nico en el kernel - no se sincroniza: \u00a1Intent\u00f3 finalizar la tarea inactiva! [0.000000] ---[ fin del p\u00e1nico del kernel: no se sincroniza: \u00a1se intent\u00f3 finalizar la tarea inactiva! ]--- Mientras ftrace recorre una lista de direcciones para parchear, siempre fallaba al parchear la misma funci\u00f3n: riscv_cpuid_to_hartid_mask. Al observar el seguimiento, la instrucci\u00f3n ilegal se encuentra en esta misma funci\u00f3n. Sin embargo, patch_text_nosync, despu\u00e9s de parchear las instrucciones, llama a flush_icache_range. Pero observando lo que sucede en esta funci\u00f3n: Flush_icache_range -&gt; Flush_icache_all -&gt; sbi_remote_fence_i -&gt; __sbi_rfence_v02 -&gt; riscv_cpuid_to_hartid_mask El icache y el dcache de la CPU actual nunca se sincronizan entre el parche de riscv_cpuid_to_hartid_mask y la llamada a esta misma funci\u00f3n. As\u00ed que solucione este problema limpiando el icache de la CPU actual antes de pedirle a las otras CPU que hagan lo mismo."}], "id": "CVE-2021-47414", "lastModified": "2025-09-25T16:10:07.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T15:15:26.887", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/427faa29e06f0709476ea1bd59758f997ec8b64e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bb8958d5dc79acbd071397abb57b8756375fe1ce"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f1c7aa87c423e765e3862349c2f095fdfccdd9b3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/427faa29e06f0709476ea1bd59758f997ec8b64e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bb8958d5dc79acbd071397abb57b8756375fe1ce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f1c7aa87c423e765e3862349c2f095fdfccdd9b3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: riscv: Flush current cpu icache before other cpus", "id": "2282321", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282321"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-399", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nriscv: Flush current cpu icache before other cpus\nOn SiFive Unmatched, I recently fell onto the following BUG when booting:\n[ 0.000000] ftrace: allocating 36610 entries in 144 pages\n[ 0.000000] Oops - illegal instruction [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.13.1+ #5\n[ 0.000000] Hardware name: SiFive HiFive Unmatched A00 (DT)\n[ 0.000000] epc : riscv_cpuid_to_hartid_mask+0x6/0xae\n[ 0.000000] ra : __sbi_rfence_v02+0xc8/0x10a\n[ 0.000000] epc : ffffffff80007240 ra : ffffffff80009964 sp : ffffffff81803e10\n[ 0.000000] gp : ffffffff81a1ea70 tp : ffffffff8180f500 t0 : ffffffe07fe30000\n[ 0.000000] t1 : 0000000000000004 t2 : 0000000000000000 s0 : ffffffff81803e60\n[ 0.000000] s1 : 0000000000000000 a0 : ffffffff81a22238 a1 : ffffffff81803e10\n[ 0.000000] a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000\n[ 0.000000] a5 : 0000000000000000 a6 : ffffffff8000989c a7 : 0000000052464e43\n[ 0.000000] s2 : ffffffff81a220c8 s3 : 0000000000000000 s4 : 0000000000000000\n[ 0.000000] s5 : 0000000000000000 s6 : 0000000200000100 s7 : 0000000000000001\n[ 0.000000] s8 : ffffffe07fe04040 s9 : ffffffff81a22c80 s10: 0000000000001000\n[ 0.000000] s11: 0000000000000004 t3 : 0000000000000001 t4 : 0000000000000008\n[ 0.000000] t5 : ffffffcf04000808 t6 : ffffffe3ffddf188\n[ 0.000000] status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000002\n[ 0.000000] [<ffffffff80007240>] riscv_cpuid_to_hartid_mask+0x6/0xae\n[ 0.000000] [<ffffffff80009474>] sbi_remote_fence_i+0x1e/0x26\n[ 0.000000] [<ffffffff8000b8f4>] flush_icache_all+0x12/0x1a\n[ 0.000000] [<ffffffff8000666c>] patch_text_nosync+0x26/0x32\n[ 0.000000] [<ffffffff8000884e>] ftrace_init_nop+0x52/0x8c\n[ 0.000000] [<ffffffff800f051e>] ftrace_process_locs.isra.0+0x29c/0x360\n[ 0.000000] [<ffffffff80a0e3c6>] ftrace_init+0x80/0x130\n[ 0.000000] [<ffffffff80a00f8c>] start_kernel+0x5c4/0x8f6\n[ 0.000000] ---[ end trace f67eb9af4d8d492b ]---\n[ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task!\n[ 0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---\nWhile ftrace is looping over a list of addresses to patch, it always failed\nwhen patching the same function: riscv_cpuid_to_hartid_mask. Looking at the\nbacktrace, the illegal instruction is encountered in this same function.\nHowever, patch_text_nosync, after patching the instructions, calls\nflush_icache_range. But looking at what happens in this function:\nflush_icache_range -> flush_icache_all\n-> sbi_remote_fence_i\n-> __sbi_rfence_v02\n-> riscv_cpuid_to_hartid_mask\nThe icache and dcache of the current cpu are never synchronized between the\npatching of riscv_cpuid_to_hartid_mask and calling this same function.\nSo fix this by flushing the current cpu's icache before asking for the other\ncpus to do the same."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-47414", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47414\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47414\nhttps://lore.kernel.org/linux-cve-announce/2024052153-CVE-2021-47414-a400@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as the vulnerability in question does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate"}

{"created": "2025-07-12T22:44:43.573635+00:00", "updated": "2025-07-12T22:44:43.573689+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}