CVE-2021-47424

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47424
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47424.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47424
Related
Published
2024-05-21T15:15:27Z
Modified
2024-09-18T03:17:27.657019Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix freeing of uninitialized misc IRQ vector

When VSI set up failed in i40eprobe() as part of PF switch set up driver was trying to free misc IRQ vectors in i40eclearinterruptscheme and produced a kernel Oops:

Trying to free already-free IRQ 266 WARNING: CPU: 0 PID: 5 at kernel/irq/manage.c:1731 freeirq+0x9a/0x300 Workqueue: events workforcpufn RIP: 0010:freeirq+0x9a/0x300 Call Trace: ? synchronizeirq+0x3a/0xa0 freeirq+0x2e/0x60 i40eclearinterruptscheme+0x53/0x190 [i40e] i40eprobe.part.108+0x134b/0x1a40 [i40e] ? kmemcachealloc+0x158/0x1c0 ? acpiutupdaterefcount.part.1+0x8e/0x345 ? acpiutupdateobjectreference+0x15e/0x1e2 ? strstr+0x21/0x70 ? irqgetirqdata+0xa/0x20 ? mpcheckpinattr+0x13/0xc0 ? irqgetirqdata+0xa/0x20 ? mpmappintoirq+0xd3/0x2f0 ? acpiregistergsiioapic+0x93/0x170 ? pciconf1read+0xa4/0x100 ? pcibusreadconfigword+0x49/0x70 ? dopcienabledevice+0xcc/0x100 localpciprobe+0x41/0x90 workforcpufn+0x16/0x20 processonework+0x1a7/0x360 workerthread+0x1cf/0x390 ? createworker+0x1a0/0x1a0 kthread+0x112/0x130 ? kthreadflushworkfn+0x10/0x10 retfromfork+0x1f/0x40

The problem is that at that point misc IRQ vectors were not allocated yet and we get a call trace that driver is trying to free already free IRQ vectors.

Add a check in i40eclearinterruptscheme for _I40EMISCIRQREQUESTED PF state before calling i40efreemiscvector. This state is set only if misc IRQ vectors were properly initialized.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.84-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}