CVE-2021-47523 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr This buffer is currently allocated in hfi1_init(): if (reinit) ret = init_after_reset(dd); else ret = loadtime_init(dd); if (ret) goto done; /* allocate dummy tail memory for all receive contexts */ dd->rcvhdrtail_dummy_kvaddr = dma_alloc_coherent(&dd->pcidev->dev, sizeof(u64), &dd->rcvhdrtail_dummy_dma, GFP_KERNEL); if (!dd->rcvhdrtail_dummy_kvaddr) { dd_dev_err(dd, "cannot allocate dummy tail memory\n"); ret = -ENOMEM; goto done; } The reinit triggered path will overwrite the old allocation and leak it. Fix by moving the allocation to hfi1_alloc_devdata() and the deallocation to hfi1_free_devdata().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/2c08271f4ed0e24633b3f81ceff61052b9d45efc
https://git.kernel.org/stable/c/60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1
https://git.kernel.org/stable/c/834d0fb978643eaf09da425de197cc16a7c2761b
https://lore.kernel.org/linux-cve-announce/2024052433-CVE-2021-47523-6f3a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47523
https://www.cve.org/CVERecord?id=CVE-2021-47523

History

Mon, 04 Nov 2024 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-24T15:09:36.045Z

Updated: 2025-05-04T07:12:48.778Z

Reserved: 2024-05-24T15:02:54.825Z

Link: CVE-2021-47523

Vulnrichment

Updated: 2024-08-04T05:39:59.792Z

NVD

Status : Awaiting Analysis

Published: 2024-05-24T15:15:14.743

Modified: 2024-11-21T06:36:26.670

Link: CVE-2021-47523

Redhat

Severity : Low

Publid Date: 2024-05-24T00:00:00Z

Links: CVE-2021-47523 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47523", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-24T15:02:54.825Z", "datePublished": "2024-05-24T15:09:36.045Z", "dateUpdated": "2025-05-04T07:12:48.778Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:12:48.778Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr\n\nThis buffer is currently allocated in hfi1_init():\n\n\tif (reinit)\n\t\tret = init_after_reset(dd);\n\telse\n\t\tret = loadtime_init(dd);\n\tif (ret)\n\t\tgoto done;\n\n\t/* allocate dummy tail memory for all receive contexts */\n\tdd->rcvhdrtail_dummy_kvaddr = dma_alloc_coherent(&dd->pcidev->dev,\n\t\t\t\t\t\t\t sizeof(u64),\n\t\t\t\t\t\t\t &dd->rcvhdrtail_dummy_dma,\n\t\t\t\t\t\t\t GFP_KERNEL);\n\n\tif (!dd->rcvhdrtail_dummy_kvaddr) {\n\t\tdd_dev_err(dd, \"cannot allocate dummy tail memory\\n\");\n\t\tret = -ENOMEM;\n\t\tgoto done;\n\t}\n\nThe reinit triggered path will overwrite the old allocation and leak it.\n\nFix by moving the allocation to hfi1_alloc_devdata() and the deallocation\nto hfi1_free_devdata()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/hfi1/init.c"], "versions": [{"version": "46b010d3eeb8eb29c740c4ef09c666485f5c07e6", "lessThan": "2c08271f4ed0e24633b3f81ceff61052b9d45efc", "status": "affected", "versionType": "git"}, {"version": "46b010d3eeb8eb29c740c4ef09c666485f5c07e6", "lessThan": "834d0fb978643eaf09da425de197cc16a7c2761b", "status": "affected", "versionType": "git"}, {"version": "46b010d3eeb8eb29c740c4ef09c666485f5c07e6", "lessThan": "60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/hfi1/init.c"], "versions": [{"version": "4.5", "status": "affected"}, {"version": "0", "lessThan": "4.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.85", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.8", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "5.10.85"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "5.15.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "5.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2c08271f4ed0e24633b3f81ceff61052b9d45efc"}, {"url": "https://git.kernel.org/stable/c/834d0fb978643eaf09da425de197cc16a7c2761b"}, {"url": "https://git.kernel.org/stable/c/60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1"}], "title": "IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47523", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-24T19:17:45.550563Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:14:34.257Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.792Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2c08271f4ed0e24633b3f81ceff61052b9d45efc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/834d0fb978643eaf09da425de197cc16a7c2761b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2c08271f4ed0e24633b3f81ceff61052b9d45efc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/834d0fb978643eaf09da425de197cc16a7c2761b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.792Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47523", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-24T19:17:45.550563Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-24T19:17:51.484Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "46b010d3eeb8eb29c740c4ef09c666485f5c07e6", "lessThan": "2c08271f4ed0e24633b3f81ceff61052b9d45efc", "versionType": "git"}, {"status": "affected", "version": "46b010d3eeb8eb29c740c4ef09c666485f5c07e6", "lessThan": "834d0fb978643eaf09da425de197cc16a7c2761b", "versionType": "git"}, {"status": "affected", "version": "46b010d3eeb8eb29c740c4ef09c666485f5c07e6", "lessThan": "60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1", "versionType": "git"}], "programFiles": ["drivers/infiniband/hw/hfi1/init.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.5"}, {"status": "unaffected", "version": "0", "lessThan": "4.5", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.85", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.8", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/infiniband/hw/hfi1/init.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2c08271f4ed0e24633b3f81ceff61052b9d45efc"}, {"url": "https://git.kernel.org/stable/c/834d0fb978643eaf09da425de197cc16a7c2761b"}, {"url": "https://git.kernel.org/stable/c/60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr\n\nThis buffer is currently allocated in hfi1_init():\n\n\tif (reinit)\n\t\tret = init_after_reset(dd);\n\telse\n\t\tret = loadtime_init(dd);\n\tif (ret)\n\t\tgoto done;\n\n\t/* allocate dummy tail memory for all receive contexts */\n\tdd->rcvhdrtail_dummy_kvaddr = dma_alloc_coherent(&dd->pcidev->dev,\n\t\t\t\t\t\t\t sizeof(u64),\n\t\t\t\t\t\t\t &dd->rcvhdrtail_dummy_dma,\n\t\t\t\t\t\t\t GFP_KERNEL);\n\n\tif (!dd->rcvhdrtail_dummy_kvaddr) {\n\t\tdd_dev_err(dd, \"cannot allocate dummy tail memory\\n\");\n\t\tret = -ENOMEM;\n\t\tgoto done;\n\t}\n\nThe reinit triggered path will overwrite the old allocation and leak it.\n\nFix by moving the allocation to hfi1_alloc_devdata() and the deallocation\nto hfi1_free_devdata()."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.85", "versionStartIncluding": "4.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.8", "versionStartIncluding": "4.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.16", "versionStartIncluding": "4.5"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:12:48.778Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47523", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:12:48.778Z", "dateReserved": "2024-05-24T15:02:54.825Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-24T15:09:36.045Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr\n\nThis buffer is currently allocated in hfi1_init():\n\n\tif (reinit)\n\t\tret = init_after_reset(dd);\n\telse\n\t\tret = loadtime_init(dd);\n\tif (ret)\n\t\tgoto done;\n\n\t/* allocate dummy tail memory for all receive contexts */\n\tdd->rcvhdrtail_dummy_kvaddr = dma_alloc_coherent(&dd->pcidev->dev,\n\t\t\t\t\t\t\t sizeof(u64),\n\t\t\t\t\t\t\t &dd->rcvhdrtail_dummy_dma,\n\t\t\t\t\t\t\t GFP_KERNEL);\n\n\tif (!dd->rcvhdrtail_dummy_kvaddr) {\n\t\tdd_dev_err(dd, \"cannot allocate dummy tail memory\\n\");\n\t\tret = -ENOMEM;\n\t\tgoto done;\n\t}\n\nThe reinit triggered path will overwrite the old allocation and leak it.\n\nFix by moving the allocation to hfi1_alloc_devdata() and the deallocation\nto hfi1_free_devdata()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: IB/hfi1: Correcci\u00f3n de fuga de rcvhdrtail_dummy_kvaddr. Este b\u00fafer est\u00e1 actualmente asignado en hfi1_init(): if (reinit) ret = init_after_reset(dd); de lo contrario ret = loadtime_init(dd); si (ret) ir a hecho; /* asigna memoria de cola ficticia para todos los contextos de recepci\u00f3n */ dd->rcvhdrtail_dummy_kvaddr = dma_alloc_coherent(&dd->pcidev->dev, sizeof(u64), &dd->rcvhdrtail_dummy_dma, GFP_KERNEL); if (!dd->rcvhdrtail_dummy_kvaddr) { dd_dev_err(dd, \"no se puede asignar memoria de cola ficticia\\n\"); ret = -ENOMEM; ir a hacer; } La ruta activada por reinicio sobrescribir\u00e1 la asignaci\u00f3n anterior y la filtrar\u00e1. Para solucionarlo, mueva la asignaci\u00f3n a hfi1_alloc_devdata() y la desasignaci\u00f3n a hfi1_free_devdata()."}], "id": "CVE-2021-47523", "lastModified": "2024-11-21T06:36:26.670", "metrics": {}, "published": "2024-05-24T15:15:14.743", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2c08271f4ed0e24633b3f81ceff61052b9d45efc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/834d0fb978643eaf09da425de197cc16a7c2761b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/2c08271f4ed0e24633b3f81ceff61052b9d45efc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/834d0fb978643eaf09da425de197cc16a7c2761b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr", "id": "2283428", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283428"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nIB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr\nThis buffer is currently allocated in hfi1_init():\nif (reinit)\nret = init_after_reset(dd);\nelse\nret = loadtime_init(dd);\nif (ret)\ngoto done;\n/* allocate dummy tail memory for all receive contexts */\ndd->rcvhdrtail_dummy_kvaddr = dma_alloc_coherent(&dd->pcidev->dev,\nsizeof(u64),\n&dd->rcvhdrtail_dummy_dma,\nGFP_KERNEL);\nif (!dd->rcvhdrtail_dummy_kvaddr) {\ndd_dev_err(dd, \"cannot allocate dummy tail memory\\n\");\nret = -ENOMEM;\ngoto done;\n}\nThe reinit triggered path will overwrite the old allocation and leak it.\nFix by moving the allocation to hfi1_alloc_devdata() and the deallocation\nto hfi1_free_devdata()."], "name": "CVE-2021-47523", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47523\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47523\nhttps://lore.kernel.org/linux-cve-announce/2024052433-CVE-2021-47523-6f3a@gregkh/T"], "threat_severity": "Low"}