CVE-2021-47130
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmet: fix freeing unallocated p2pmem
In case p2p device was found but the p2p pool is empty, the nvme target is still trying to free the sgl from the p2p pool instead of the regular sgl pool and causing a crash (BUG() is called). Instead, assign the p2p_dev for the request only if it was allocated from p2p pool.
This is the crash that was caused:
[Sun May 30 19:13:53 2021] ————[ cut here ]———— [Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518! [Sun May 30 19:13:53 2021] invalid opcode: 0000 [#1] SMP PTI … [Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518! … [Sun May 30 19:13:53 2021] RIP: 0010:gen_pool_free_owner+0xa8/0xb0 … [Sun May 30 19:13:53 2021] Call Trace: [Sun May 30 19:13:53 2021] ————[ cut here ]———— [Sun May 30 19:13:53 2021] pci_free_p2pmem+0x2b/0x70 [Sun May 30 19:13:53 2021] pci_p2pmem_free_sgl+0x4f/0x80 [Sun May 30 19:13:53 2021] nvmet_req_free_sgls+0x1e/0x80 [nvmet] [Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518! [Sun May 30 19:13:53 2021] nvmet_rdma_release_rsp+0x4e/0x1f0 [nvmet_rdma] [Sun May 30 19:13:53 2021] nvmet_rdma_send_done+0x1c/0x60 [nvmet_rdma]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | c6e3f13398123a008cd2ee28f93510b113a32791 < c440cd080761b18a52cac20f2a42e5da1e3995af | affected |
| Linux | Linux | c6e3f13398123a008cd2ee28f93510b113a32791 < 8a452d62e7cea3c8a2676a3b89a9118755a1a271 | affected |
| Linux | Linux | c6e3f13398123a008cd2ee28f93510b113a32791 < bcd9a0797d73eeff659582f23277e7ab6e5f18f3 | affected |
| Linux | Linux | 5.8 | affected |
| Linux | Linux | 0 < 5.8 | unaffected |
| Linux | Linux | 5.10.43 <= 5.10.* | unaffected |
| Linux | Linux | 5.12.10 <= 5.12.* | unaffected |
| Linux | Linux | 5.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/c440cd080761b18a52cac20f2a42e5da1e3995af
- https://git.kernel.org/stable/c/8a452d62e7cea3c8a2676a3b89a9118755a1a271
- https://git.kernel.org/stable/c/bcd9a0797d73eeff659582f23277e7ab6e5f18f3
References
- https://git.kernel.org/stable/c/c440cd080761b18a52cac20f2a42e5da1e3995af
- https://git.kernel.org/stable/c/8a452d62e7cea3c8a2676a3b89a9118755a1a271
- https://git.kernel.org/stable/c/bcd9a0797d73eeff659582f23277e7ab6e5f18f3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.