CVE-2021-47242

Source
https://cve.org/CVERecord?id=CVE-2021-47242
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47242.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47242
Downstream
Published
2024-05-21T15:15:13.327Z
Modified
2026-03-15T14:45:45.125443Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix soft lookup in subflow_error_report()

Maxim reported a soft lockup in subflow_error_report():

watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0]
RIP: 0010:native_queued_spin_lock_slowpath
RSP: 0018:ffffa859c0003bc0 EFLAGS: 00000202
RAX: 0000000000000101 RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff9195c2772d88 RSI: 0000000000000000 RDI: ffff9195c2772d88
RBP: ffff9195c2772d00 R08: 00000000000067b0 R09: c6e31da9eb1e44f4
R10: ffff9195ef379700 R11: ffff9195edb50710 R12: ffff9195c2772d88
R13: ffff9195f500e3d0 R14: ffff9195ef379700 R15: ffff9195ef379700
FS: 0000000000000000(0000) GS:ffff91961f400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c000407000 CR3: 0000000002988000 CR4: 00000000000006f0
Call Trace:
 <IRQ>
 _raw_spin_lock_bh
 subflow_error_report
 mptcp_subflow_data_available
 __mptcp_move_skbs_from_subflow
 mptcp_data_ready
 tcp_data_queue
 tcp_rcv_established
 tcp_v4_do_rcv
 tcp_v4_rcv
 ip_protocol_deliver_rcu
 ip_local_deliver_finish
 __netif_receive_skb_one_core
 netif_receive_skb
 rtl8139_poll 8139too
 __napi_poll
 net_rx_action
 __do_softirq
 __irq_exit_rcu
 common_interrupt
 </IRQ>

The calling function - mptcp_subflow_data_available() - can be invoked from different contexts:
- plain ssk socket lock
- ssk socket lock + mptcp_data_lock
- ssk socket lock + mptcp_data_lock + msk socket lock.

Since subflow_error_report() tries to acquire the mptcp_data_lock, the latter two call chains will cause a soft lockup.

This change addresses the issue by moving the error reporting call to outer functions, where the held locks list is known and we can acquire only the needed one.

Affected packages

Git /

Affected ranges

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47242.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "5.11.12"
            },
            {
                "fixed": "5.12.13"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.13-rc1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.13-rc2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.13-rc3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.13-rc4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.13-rc5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.13-rc6"
            }
        ]
    }
]