CVE-2021-47369

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47369
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47369.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47369
Published
2024-05-21T15:15:22Z
Modified
2024-09-11T04:41:09.179041Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

s390/qeth: fix NULL deref in qeth_clear_working_pool_list()

When qeth_set_online() calls qeth_clear_working_pool_list() to roll back after an error exit from qeth_hardsetup_card(), we are at risk of accessing card->qdio.in_q before it was allocated by qeth_alloc_qdio_queues() via qeth_mpc_initialize().

qeth_clear_working_pool_list() then dereferences NULL, and by writing to queue->bufs[i].pool_entry scribbles all over the CPU's lowcore, resulting in a crash when those lowcore areas are used next (e.g. on the next machine-check interrupt).

Such a scenario would typically happen when the device is first set online and its queues aren't allocated yet. An early IO error or certain misconfigs (e.g. mismatched transport mode, bad portno) then cause us to error out from qeth_hardsetup_card() with card->qdio.in_q still being NULL.

Fix it by checking the pointer for NULL before accessing it.

Note that we also have (rare) paths inside qeth_mpc_initialize() where a configuration change can cause us to free the existing queues, expecting that subsequent code will allocate them again. If we then error out before that re-allocation happens, the same bug occurs.

Root-caused-by: Heiko Carstens <hca@linux.ibm.com>

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.70-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.14.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.14.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}