CVE-2021-47001

2024-02-2809:15:38

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

cve-2021-47001

linux kernel

xprtrdma

vulnerability

cwnd update

rnr

connection loss

nvd

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

xprtrdma: Fix cwnd update ordering

After a reconnect, the reply handler is opening the cwnd (and thus
enabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs()
can post enough Receive WRs to receive their replies. This causes an
RNR and the new connection is lost immediately.

The race is most clearly exposed when KASAN and disconnect injection
are enabled. This slows down rpcrdma_rep_create() enough to allow
the send side to post a bunch of RPC Calls before the Receive
completion handler can invoke ib_post_recv().

Affected configurations

Vulners

Node

linuxlinux_kernelRange5.5–5.10.38

linuxlinux_kernelRange5.11.0–5.11.22

linuxlinux_kernelRange5.12.0–5.12.5

linuxlinux_kernelRange5.13.0≥

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/sunrpc/xprtrdma/rpc_rdma.c",
      "net/sunrpc/xprtrdma/verbs.c",
      "net/sunrpc/xprtrdma/xprt_rdma.h"
    ],
    "versions": [
      {
        "version": "2ae50ad68cd7",
        "lessThan": "eddae8be7944",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "2ae50ad68cd7",
        "lessThan": "8834ecb5df22",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "2ae50ad68cd7",
        "lessThan": "19b5fa9489b5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "2ae50ad68cd7",
        "lessThan": "35d8b10a2588",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/sunrpc/xprtrdma/rpc_rdma.c",
      "net/sunrpc/xprtrdma/verbs.c",
      "net/sunrpc/xprtrdma/xprt_rdma.h"
    ],
    "versions": [
      {
        "version": "5.5",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.5",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.38",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.11.22",
        "lessThanOrEqual": "5.11.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.12.5",
        "lessThanOrEqual": "5.12.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.13",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]