Bugzilla – Bug 1224865
VUL-0: CVE-2021-47247: kernel: net/mlx5e: Fix use-after-free of encap entry in neigh update handler
Last modified: 2024-07-19 14:10:21 UTC
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap entry in neigh update handler Function mlx5e_rep_neigh_update() wasn't updated to accommodate rtnl lock removal from TC filter update path and properly handle concurrent encap entry insertion/deletion which can lead to following use-after-free: [23827.464923] ================================================================== [23827.469446] BUG: KASAN: use-after-free in mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.470971] Read of size 4 at addr ffff8881d132228c by task kworker/u20:6/21635 [23827.472251] [23827.472615] CPU: 9 PID: 21635 Comm: kworker/u20:6 Not tainted 5.13.0-rc3+ #5 [23827.473788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [23827.475639] Workqueue: mlx5e mlx5e_rep_neigh_update [mlx5_core] [23827.476731] Call Trace: [23827.477260] dump_stack+0xbb/0x107 [23827.477906] print_address_description.constprop.0+0x18/0x140 [23827.478896] ? mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.479879] ? mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.480905] kasan_report.cold+0x7c/0xd8 [23827.481701] ? mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.482744] kasan_check_range+0x145/0x1a0 [23827.493112] mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.494054] ? mlx5e_tc_tun_encap_info_equal_generic+0x140/0x140 [mlx5_core] [23827.495296] mlx5e_rep_neigh_update+0x41e/0x5e0 [mlx5_core] [23827.496338] ? mlx5e_rep_neigh_entry_release+0xb80/0xb80 [mlx5_core] [23827.497486] ? read_word_at_a_time+0xe/0x20 [23827.498250] ? strscpy+0xa0/0x2a0 [23827.498889] process_one_work+0x8ac/0x14e0 [23827.499638] ? lockdep_hardirqs_on_prepare+0x400/0x400 [23827.500537] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [23827.501359] ? rwlock_bug.part.0+0x90/0x90 [23827.502116] worker_thread+0x53b/0x1220 [23827.502831] ? process_one_work+0x14e0/0x14e0 [23827.503627] kthread+0x328/0x3f0 [23827.504254] ? _raw_spin_unlock_irq+0x24/0x40 [23827.505065] ? __kthread_bind_mask+0x90/0x90 [23827.505912] ret_from_fork+0x1f/0x30 [23827.506621] [23827.506987] Allocated by task 28248: [23827.507694] kasan_save_stack+0x1b/0x40 [23827.508476] __kasan_kmalloc+0x7c/0x90 [23827.509197] mlx5e_attach_encap+0xde1/0x1d40 [mlx5_core] [23827.510194] mlx5e_tc_add_fdb_flow+0x397/0xc40 [mlx5_core] [23827.511218] __mlx5e_add_fdb_flow+0x519/0xb30 [mlx5_core] [23827.512234] mlx5e_configure_flower+0x191c/0x4870 [mlx5_core] [23827.513298] tc_setup_cb_add+0x1d5/0x420 [23827.514023] fl_hw_replace_filter+0x382/0x6a0 [cls_flower] [23827.514975] fl_change+0x2ceb/0x4a51 [cls_flower] [23827.515821] tc_new_tfilter+0x89a/0x2070 [23827.516548] rtnetlink_rcv_msg+0x644/0x8c0 [23827.517300] netlink_rcv_skb+0x11d/0x340 [23827.518021] netlink_unicast+0x42b/0x700 [23827.518742] netlink_sendmsg+0x743/0xc20 [23827.519467] sock_sendmsg+0xb2/0xe0 [23827.520131] ____sys_sendmsg+0x590/0x770 [23827.520851] ___sys_sendmsg+0xd8/0x160 [23827.521552] __sys_sendmsg+0xb7/0x140 [23827.522238] do_syscall_64+0x3a/0x70 [23827.522907] entry_SYSCALL_64_after_hwframe+0x44/0xae [23827.523797] [23827.524163] Freed by task 25948: [23827.524780] kasan_save_stack+0x1b/0x40 [23827.525488] kasan_set_track+0x1c/0x30 [23827.526187] kasan_set_free_info+0x20/0x30 [23827.526968] __kasan_slab_free+0xed/0x130 [23827.527709] slab_free_freelist_hook+0xcf/0x1d0 [23827.528528] kmem_cache_free_bulk+0x33a/0x6e0 [23827.529317] kfree_rcu_work+0x55f/0xb70 [23827.530024] process_one_work+0x8ac/0x14e0 [23827.530770] worker_thread+0x53b/0x1220 [23827.531480] kthread+0x328/0x3f0 [23827.532114] ret_from_fork+0x1f/0x30 [23827.532785] [23827.533147] Last potentially related work creation: [23827.534007] kasan_save_stack+0x1b/0x40 [23827.534710] kasan_record_aux_stack+0xab/0xc0 [23827.535492] kvfree_call_rcu+0x31/0x7b0 [23827.536206] mlx5e_tc_del ---truncated--- References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47247 https://www.cve.org/CVERecord?id=CVE-2021-47247 https://git.kernel.org/stable/c/b6447b72aca571632e71bb73a797118d5ce46a93 https://git.kernel.org/stable/c/fb1a3132ee1ac968316e45d21a48703a6db0b6c3 https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47247.mbox
joeyli@linux-691t:/mnt/working/source_code-git/kernel-source> ./scripts/check-kernel-fix CVE-2021-47247 fb1a3132ee1a ("net/mlx5e: Fix use-after-free of encap entry in neigh update handler") merged v5.13-rc7~8^2~59^2~10 Fixes: 2a1f1768fa17 ("net/mlx5e: Refactor neigh update for concurrent execution") merged v5.4-rc1~131^2~176^2~4 Security fix for CVE-2021-47247 bsc#1224865 with CVSS 7.8 Experts candidates: tbogendoerfer@suse.de denis.kirjanov@suse.com .............................. ACTION NEEDED! cve/linux-5.3-LTSS: MANUAL: backport fb1a3132ee1ac968316e45d21a48703a6db0b6c3 (Fixes 2a1f1768fa17)
Hi Denis, Because this is a issue for net. Could you please help to handle it? If this is not in your area, just reset bug assigner to kernel-bugs@suse.de. Kernel Security Sentinel will find other expert. Thanks a lot!
SUSE-SU-2024:2365-1: An update that solves 38 vulnerabilities and has two security fixes can now be installed. Category: security (important) Bug References: 1171988, 1191958, 1195065, 1195254, 1202623, 1218148, 1219224, 1222015, 1223138, 1223384, 1224671, 1224703, 1224749, 1224764, 1224765, 1224766, 1224865, 1225010, 1225047, 1225109, 1225161, 1225184, 1225203, 1225487, 1225518, 1225611, 1225732, 1225749, 1225840, 1225866, 1226563, 1226587, 1226595, 1226670, 1226672, 1226712, 1226732, 1226758, 1226786, 1226962 CVE References: CVE-2020-10135, CVE-2021-3896, CVE-2021-43389, CVE-2021-4439, CVE-2021-47247, CVE-2021-47311, CVE-2021-47328, CVE-2021-47368, CVE-2021-47372, CVE-2021-47379, CVE-2021-47571, CVE-2021-47583, CVE-2022-0435, CVE-2022-22942, CVE-2022-2938, CVE-2022-48711, CVE-2022-48760, CVE-2022-48771, CVE-2023-24023, CVE-2023-52707, CVE-2023-52752, CVE-2023-52881, CVE-2024-26921, CVE-2024-26923, CVE-2024-35789, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35878, CVE-2024-35950, CVE-2024-36894, CVE-2024-36904, CVE-2024-36940, CVE-2024-36964, CVE-2024-38541, CVE-2024-38545, CVE-2024-38559, CVE-2024-38560 Maintenance Incident: [SUSE:Maintenance:34559](https://smelt.suse.de/incident/34559/) Sources used: SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_50-1-150200.5.3.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-source-5.3.18-150200.24.197.1, kernel-default-base-5.3.18-150200.24.197.1.150200.9.101.1, kernel-syms-5.3.18-150200.24.197.1, kernel-obs-build-5.3.18-150200.24.197.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-source-5.3.18-150200.24.197.1, kernel-default-base-5.3.18-150200.24.197.1.150200.9.101.1, kernel-syms-5.3.18-150200.24.197.1, kernel-obs-build-5.3.18-150200.24.197.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-source-5.3.18-150200.24.197.1, kernel-default-base-5.3.18-150200.24.197.1.150200.9.101.1, kernel-syms-5.3.18-150200.24.197.1, kernel-obs-build-5.3.18-150200.24.197.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2362-1: An update that solves 72 vulnerabilities and has 10 security fixes can now be installed. Category: security (important) Bug References: 1156395, 1171988, 1176447, 1176774, 1181147, 1191958, 1195065, 1195254, 1195798, 1202623, 1218148, 1219224, 1219633, 1222015, 1223011, 1223384, 1224671, 1224703, 1224749, 1224764, 1224765, 1224766, 1224865, 1225010, 1225047, 1225109, 1225161, 1225184, 1225203, 1225487, 1225518, 1225611, 1225732, 1225749, 1225840, 1225866, 1226226, 1226537, 1226552, 1226554, 1226557, 1226558, 1226562, 1226563, 1226575, 1226583, 1226585, 1226587, 1226595, 1226614, 1226619, 1226621, 1226624, 1226643, 1226644, 1226645, 1226647, 1226650, 1226669, 1226670, 1226672, 1226674, 1226679, 1226686, 1226691, 1226692, 1226698, 1226703, 1226708, 1226709, 1226711, 1226712, 1226713, 1226715, 1226716, 1226720, 1226721, 1226732, 1226758, 1226762, 1226786, 1226962 CVE References: CVE-2021-3896, CVE-2021-43389, CVE-2021-4439, CVE-2021-47247, CVE-2021-47311, CVE-2021-47328, CVE-2021-47368, CVE-2021-47372, CVE-2021-47379, CVE-2021-47571, CVE-2021-47576, CVE-2021-47583, CVE-2021-47589, CVE-2021-47595, CVE-2021-47596, CVE-2021-47600, CVE-2021-47602, CVE-2021-47609, CVE-2021-47611, CVE-2021-47612, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2022-0435, CVE-2022-22942, CVE-2022-2938, CVE-2022-48711, CVE-2022-48715, CVE-2022-48717, CVE-2022-48722, CVE-2022-48724, CVE-2022-48726, CVE-2022-48728, CVE-2022-48730, CVE-2022-48732, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48746, CVE-2022-48747, CVE-2022-48748, CVE-2022-48749, CVE-2022-48752, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48767, CVE-2022-48768, CVE-2022-48771, CVE-2023-24023, CVE-2023-52707, CVE-2023-52752, CVE-2023-52881, CVE-2024-26822, CVE-2024-26923, CVE-2024-35789, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35878, CVE-2024-35950, CVE-2024-36894, CVE-2024-36904, CVE-2024-36940, CVE-2024-36964, CVE-2024-38541, CVE-2024-38545, CVE-2024-38559, CVE-2024-38560 Maintenance Incident: [SUSE:Maintenance:34562](https://smelt.suse.de/incident/34562/) Sources used: openSUSE Leap 15.3 (src): kernel-obs-build-5.3.18-150300.59.167.1, kernel-livepatch-SLE15-SP3_Update_46-1-150300.7.3.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-source-5.3.18-150300.59.167.1, kernel-obs-qa-5.3.18-150300.59.167.1, kernel-syms-5.3.18-150300.59.167.1 SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_46-1-150300.7.3.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-source-5.3.18-150300.59.167.1, kernel-obs-build-5.3.18-150300.59.167.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-syms-5.3.18-150300.59.167.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-source-5.3.18-150300.59.167.1, kernel-obs-build-5.3.18-150300.59.167.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-syms-5.3.18-150300.59.167.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-source-5.3.18-150300.59.167.1, kernel-obs-build-5.3.18-150300.59.167.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-syms-5.3.18-150300.59.167.1 SUSE Enterprise Storage 7.1 (src): kernel-source-5.3.18-150300.59.167.1, kernel-obs-build-5.3.18-150300.59.167.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-syms-5.3.18-150300.59.167.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1 SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2384-1: An update that solves 68 vulnerabilities and has 13 security fixes can now be installed. Category: security (important) Bug References: 1156395, 1171988, 1176447, 1176774, 1181147, 1191958, 1195065, 1195254, 1195798, 1202623, 1218148, 1219224, 1219633, 1222015, 1223011, 1224671, 1224703, 1224749, 1224764, 1224765, 1224766, 1224865, 1225010, 1225047, 1225109, 1225161, 1225184, 1225203, 1225487, 1225518, 1225611, 1225732, 1225749, 1225840, 1225866, 1226226, 1226537, 1226552, 1226554, 1226557, 1226558, 1226562, 1226563, 1226575, 1226583, 1226585, 1226587, 1226595, 1226614, 1226619, 1226621, 1226624, 1226643, 1226644, 1226645, 1226647, 1226650, 1226669, 1226670, 1226672, 1226674, 1226679, 1226686, 1226691, 1226692, 1226698, 1226703, 1226708, 1226709, 1226711, 1226712, 1226713, 1226715, 1226716, 1226720, 1226721, 1226732, 1226762, 1226785, 1226786, 1226962 CVE References: CVE-2021-43389, CVE-2021-4439, CVE-2021-47247, CVE-2021-47311, CVE-2021-47328, CVE-2021-47368, CVE-2021-47372, CVE-2021-47379, CVE-2021-47571, CVE-2021-47576, CVE-2021-47583, CVE-2021-47589, CVE-2021-47595, CVE-2021-47596, CVE-2021-47600, CVE-2021-47602, CVE-2021-47609, CVE-2021-47611, CVE-2021-47612, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2022-2938, CVE-2022-48711, CVE-2022-48715, CVE-2022-48717, CVE-2022-48722, CVE-2022-48724, CVE-2022-48726, CVE-2022-48728, CVE-2022-48730, CVE-2022-48732, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48746, CVE-2022-48747, CVE-2022-48748, CVE-2022-48749, CVE-2022-48752, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48767, CVE-2022-48768, CVE-2022-48771, CVE-2023-24023, CVE-2023-52707, CVE-2023-52752, CVE-2023-52881, CVE-2024-26822, CVE-2024-35789, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35878, CVE-2024-35950, CVE-2024-36894, CVE-2024-36904, CVE-2024-36940, CVE-2024-36964, CVE-2024-38541, CVE-2024-38545, CVE-2024-38559, CVE-2024-38560 Maintenance Incident: [SUSE:Maintenance:34695](https://smelt.suse.de/incident/34695/) Sources used: SUSE Linux Enterprise Micro 5.1 (src): kernel-source-rt-5.3.18-150300.175.1 SUSE Linux Enterprise Micro 5.2 (src): kernel-source-rt-5.3.18-150300.175.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-source-rt-5.3.18-150300.175.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.