CVE-2021-47523

Summary

In the Linux kernel, the following vulnerability has been resolved:

IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr

This buffer is currently allocated in hfi1_init():

if (reinit)
	ret = init_after_reset(dd);
else
	ret = loadtime_init(dd);
if (ret)
	goto done;

/* allocate dummy tail memory for all receive contexts */
dd->rcvhdrtail_dummy_kvaddr = dma_alloc_coherent(&dd->pcidev->dev,
						 sizeof(u64),
						 &dd->rcvhdrtail_dummy_dma,
						 GFP_KERNEL);

if (!dd->rcvhdrtail_dummy_kvaddr) {
	dd_dev_err(dd, "cannot allocate dummy tail memory\n");
	ret = -ENOMEM;
	goto done;
}

The reinit triggered path will overwrite the old allocation and leak it.

Fix by moving the allocation to hfi1_alloc_devdata() and the deallocation to hfi1_free_devdata().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux46b010d3eeb8eb29c740c4ef09c666485f5c07e6 < 2c08271f4ed0e24633b3f81ceff61052b9d45efcaffected
LinuxLinux46b010d3eeb8eb29c740c4ef09c666485f5c07e6 < 834d0fb978643eaf09da425de197cc16a7c2761baffected
LinuxLinux46b010d3eeb8eb29c740c4ef09c666485f5c07e6 < 60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1affected
LinuxLinux4.5affected
LinuxLinux0 < 4.5unaffected
LinuxLinux5.10.85 <= 5.10.*unaffected
LinuxLinux5.15.8 <= 5.15.*unaffected
LinuxLinux5.16 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References