Improper Initialization Affecting kernel-rt-devel package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-KERNELRTDEVEL-7003932
- published 22 May 2024
- disclosed 21 May 2024
Introduced: 21 May 2024
CVE-2021-47424 Open this link in a new tabHow to fix?
There is no fixed version for Centos:7
kernel-rt-devel
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-rt-devel
package and not the kernel-rt-devel
package as distributed by Centos
.
See How to fix?
for Centos:7
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix freeing of uninitialized misc IRQ vector
When VSI set up failed in i40e_probe() as part of PF switch set up driver was trying to free misc IRQ vectors in i40e_clear_interrupt_scheme and produced a kernel Oops:
Trying to free already-free IRQ 266 WARNING: CPU: 0 PID: 5 at kernel/irq/manage.c:1731 __free_irq+0x9a/0x300 Workqueue: events work_for_cpu_fn RIP: 0010:__free_irq+0x9a/0x300 Call Trace: ? synchronize_irq+0x3a/0xa0 free_irq+0x2e/0x60 i40e_clear_interrupt_scheme+0x53/0x190 [i40e] i40e_probe.part.108+0x134b/0x1a40 [i40e] ? kmem_cache_alloc+0x158/0x1c0 ? acpi_ut_update_ref_count.part.1+0x8e/0x345 ? acpi_ut_update_object_reference+0x15e/0x1e2 ? strstr+0x21/0x70 ? irq_get_irq_data+0xa/0x20 ? mp_check_pin_attr+0x13/0xc0 ? irq_get_irq_data+0xa/0x20 ? mp_map_pin_to_irq+0xd3/0x2f0 ? acpi_register_gsi_ioapic+0x93/0x170 ? pci_conf1_read+0xa4/0x100 ? pci_bus_read_config_word+0x49/0x70 ? do_pci_enable_device+0xcc/0x100 local_pci_probe+0x41/0x90 work_for_cpu_fn+0x16/0x20 process_one_work+0x1a7/0x360 worker_thread+0x1cf/0x390 ? create_worker+0x1a0/0x1a0 kthread+0x112/0x130 ? kthread_flush_work_fn+0x10/0x10 ret_from_fork+0x1f/0x40
The problem is that at that point misc IRQ vectors were not allocated yet and we get a call trace that driver is trying to free already free IRQ vectors.
Add a check in i40e_clear_interrupt_scheme for __I40E_MISC_IRQ_REQUESTED PF state before calling i40e_free_misc_vector. This state is set only if misc IRQ vectors were properly initialized.
References
- https://access.redhat.com/security/cve/CVE-2021-47424
- https://git.kernel.org/stable/c/17063cac4088b8e2fc0f633abddca5426ed58312
- https://git.kernel.org/stable/c/2e5a20573a926302b233b0c2e1077f5debc7ab2e
- https://git.kernel.org/stable/c/60ad4cde0ad28921f9ea25b0201c774b95ffa4b4
- https://git.kernel.org/stable/c/75099439209d3cda439a1d9b00d19a50f0066fef
- https://git.kernel.org/stable/c/97aeed72af4f83ae51534f0a2473ff52f8d66236