CVE-2021-47617

2024-06-2011:15:54

CWE-835

Linux

web.nvd.nist.gov

linux kernel

pci

power fault

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

The Power Fault Detected bit in the Slot Status register differs from
all other hotplug events in that it is sticky: It can only be cleared
after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8:

If a power controller detects a main power fault on the hot-plug slot,
it must automatically set its internal main power fault latch […].
The main power fault latch is cleared when software turns off power to
the hot-plug slot.

The stickiness used to cause interrupt storms and infinite loops which
were fixed in 2009 by commits 5651c48cfafe (“PCI pciehp: fix power fault
interrupt storm problem”) and 99f0169c17f3 (“PCI: pciehp: enable
software notification on empty slots”).

Unfortunately in 2020 the infinite loop issue was inadvertently
reintroduced by commit 8edf5332c393 (“PCI: pciehp: Fix MSI interrupt
race”): The hardirq handler pciehp_isr() clears the PFD bit until
pciehp’s power_fault_detected flag is set. That happens in the IRQ
thread pciehp_ist(), which never learns of the event because the hardirq
handler is stuck in an infinite loop. Fix by setting the
power_fault_detected flag already in the hardirq handler.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange4.19.149–4.19.233

linuxlinux_kernelRange5.4.69–5.4.177

linuxlinux_kernelRange5.7–5.10.97

linuxlinux_kernelRange5.11–5.15.20

linuxlinux_kernelRange5.16–5.16.6

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/pci/hotplug/pciehp_hpc.c"
    ],
    "versions": [
      {
        "version": "a8cc52270f3d",
        "lessThan": "ff27f7d0333c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4667358dab9c",
        "lessThan": "464da38ba827",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8edf5332c393",
        "lessThan": "3b4c966fb156",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8edf5332c393",
        "lessThan": "1db58c6584a7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8edf5332c393",
        "lessThan": "6d6f1f0dac3e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8edf5332c393",
        "lessThan": "23584c1ed3e1",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/pci/hotplug/pciehp_hpc.c"
    ],
    "versions": [
      {
        "version": "5.7",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.7",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.233",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.177",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.97",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.20",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.6",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]