{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47567", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-24T15:11:00.728Z", "datePublished": "2024-05-24T15:12:54.081Z", "dateUpdated": "2024-08-04T05:39:59.830Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:10:15.272Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/32: Fix hardlockup on vmap stack overflow\n\nSince the commit c118c7303ad5 (\"powerpc/32: Fix vmap stack - Do not\nactivate MMU before reading task struct\") a vmap stack overflow\nresults in a hard lockup. This is because emergency_ctx is still\naddressed with its virtual address allthough data MMU is not active\nanymore at that time.\n\nFix it by using a physical address instead."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/powerpc/kernel/head_32.h"], "versions": [{"version": "c118c7303ad5", "lessThan": "dfe906da9a1a", "status": "affected", "versionType": "git"}, {"version": "c118c7303ad5", "lessThan": "c4e3ff8b8b1d", "status": "affected", "versionType": "git"}, {"version": "c118c7303ad5", "lessThan": "5bb60ea611db", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/powerpc/kernel/head_32.h"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.83", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.6", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/dfe906da9a1abebdebe8b15bb3e66a2578f6c4c7"}, {"url": "https://git.kernel.org/stable/c/c4e3ff8b8b1d54f0c755670174c453b06e17114b"}, {"url": "https://git.kernel.org/stable/c/5bb60ea611db1e04814426ed4bd1c95d1487678e"}], "title": "powerpc/32: Fix hardlockup on vmap stack overflow", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:34:28.307539Z", "id": "CVE-2021-47567", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:34:41.747Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.830Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/dfe906da9a1abebdebe8b15bb3e66a2578f6c4c7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c4e3ff8b8b1d54f0c755670174c453b06e17114b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5bb60ea611db1e04814426ed4bd1c95d1487678e", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/dfe906da9a1abebdebe8b15bb3e66a2578f6c4c7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c4e3ff8b8b1d54f0c755670174c453b06e17114b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5bb60ea611db1e04814426ed4bd1c95d1487678e", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.830Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47567", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:34:28.307539Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:34:29.564Z"}}], "cna": {"title": "powerpc/32: Fix hardlockup on vmap stack overflow", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "c118c7303ad5", "lessThan": "dfe906da9a1a", "versionType": "git"}, {"status": "affected", "version": "c118c7303ad5", "lessThan": "c4e3ff8b8b1d", "versionType": "git"}, {"status": "affected", "version": "c118c7303ad5", "lessThan": "5bb60ea611db", "versionType": "git"}], "programFiles": ["arch/powerpc/kernel/head_32.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.83", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.6", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/powerpc/kernel/head_32.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/dfe906da9a1abebdebe8b15bb3e66a2578f6c4c7"}, {"url": "https://git.kernel.org/stable/c/c4e3ff8b8b1d54f0c755670174c453b06e17114b"}, {"url": "https://git.kernel.org/stable/c/5bb60ea611db1e04814426ed4bd1c95d1487678e"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/32: Fix hardlockup on vmap stack overflow\n\nSince the commit c118c7303ad5 (\"powerpc/32: Fix vmap stack - Do not\nactivate MMU before reading task struct\") a vmap stack overflow\nresults in a hard lockup. This is because emergency_ctx is still\naddressed with its virtual address allthough data MMU is not active\nanymore at that time.\n\nFix it by using a physical address instead."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:10:15.272Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47567", "state": "PUBLISHED", "dateUpdated": "2024-08-04T05:39:59.830Z", "dateReserved": "2024-05-24T15:11:00.728Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-24T15:12:54.081Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/32: Fix hardlockup on vmap stack overflow\n\nSince the commit c118c7303ad5 (\"powerpc/32: Fix vmap stack - Do not\nactivate MMU before reading task struct\") a vmap stack overflow\nresults in a hard lockup. This is because emergency_ctx is still\naddressed with its virtual address allthough data MMU is not active\nanymore at that time.\n\nFix it by using a physical address instead."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/32: corrige el bloqueo f\u00edsico en el desbordamiento de la pila de vmap Desde El commit c118c7303ad5 (\"powerpc/32: corrige la pila de vmap - No activar MMU antes de leer la estructura de la tarea\") un desbordamiento de la pila de vmap resulta en un bloqueo duro. Esto se debe a que Emergency_ctx todav\u00eda se aborda con su direcci\u00f3n virtual, aunque la MMU de datos ya no est\u00e9 activa en ese momento. Solucionarlo utilizando una direcci\u00f3n f\u00edsica en su lugar."}], "id": "CVE-2021-47567", "lastModified": "2024-05-24T18:09:20.027", "metrics": {}, "published": "2024-05-24T15:15:21.837", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5bb60ea611db1e04814426ed4bd1c95d1487678e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c4e3ff8b8b1d54f0c755670174c453b06e17114b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dfe906da9a1abebdebe8b15bb3e66a2578f6c4c7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: powerpc/32: Fix hardlockup on vmap stack overflow", "id": "2283462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283462"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["In the Linux kernel, the following vulnerability has been resolved:\npowerpc/32: Fix hardlockup on vmap stack overflow\nSince the commit c118c7303ad5 (\"powerpc/32: Fix vmap stack - Do not\nactivate MMU before reading task struct\") a vmap stack overflow\nresults in a hard lockup. This is because emergency_ctx is still\naddressed with its virtual address allthough data MMU is not active\nanymore at that time.\nFix it by using a physical address instead."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-47567", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47567\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47567\nhttps://lore.kernel.org/linux-cve-announce/2024052453-CVE-2021-47567-b955@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as the vulnerability in question does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.83, kernel 5.15.6, kernel 5.16"}