Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2021-47587
HistoryJun 19, 2024 - 2:53 p.m.

CVE-2021-47587 net: systemport: Add global locking for descriptor lifecycle

2024-06-1914:53:52
Linux
www.cve.org
1
linux kernel
systemport
global locking
vulnerability
descriptor lifecycle

0.0004 Low

EPSS

Percentile

13.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

net: systemport: Add global locking for descriptor lifecycle

The descriptor list is a shared resource across all of the transmit queues, and
the locking mechanism used today only protects concurrency across a given
transmit queue between the transmit and reclaiming. This creates an opportunity
for the SYSTEMPORT hardware to work on corrupted descriptors if we have
multiple producers at once which is the case when using multiple transmit
queues.

This was particularly noticeable when using multiple flows/transmit queues and
it showed up in interesting ways in that UDP packets would get a correct UDP
header checksum being calculated over an incorrect packet length. Similarly TCP
packets would get an equally correct checksum computed by the hardware over an
incorrect packet length.

The SYSTEMPORT hardware maintains an internal descriptor list that it re-arranges
when the driver produces a new descriptor anytime it writes to the
WRITE_PORT_{HI,LO} registers, there is however some delay in the hardware to
re-organize its descriptors and it is possible that concurrent TX queues
eventually break this internal allocation scheme to the point where the
length/status part of the descriptor gets used for an incorrect data buffer.

The fix is to impose a global serialization for all TX queues in the short
section where we are writing to the WRITE_PORT_{HI,LO} registers which solves
the corruption even with multiple concurrent TX queues being used.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/broadcom/bcmsysport.c",
      "drivers/net/ethernet/broadcom/bcmsysport.h"
    ],
    "versions": [
      {
        "version": "80105befdb4b",
        "lessThan": "8ed2f5d08d6e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "80105befdb4b",
        "lessThan": "de57f62f7645",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "80105befdb4b",
        "lessThan": "f3fde37d3f0d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "80105befdb4b",
        "lessThan": "595a684fa6f2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "80105befdb4b",
        "lessThan": "c675256a7f13",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "80105befdb4b",
        "lessThan": "6e1011cd183f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "80105befdb4b",
        "lessThan": "eb4687c74429",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "80105befdb4b",
        "lessThan": "8b8e6e782456",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/broadcom/bcmsysport.c",
      "drivers/net/ethernet/broadcom/bcmsysport.h"
    ],
    "versions": [
      {
        "version": "3.16",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.16",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.4.296",
        "lessThanOrEqual": "4.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.9.294",
        "lessThanOrEqual": "4.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.14.259",
        "lessThanOrEqual": "4.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.222",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.168",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.88",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.11",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

cve 1
redhatcve 1
nvd 1
debiancve 1
ubuntucve 1
cve
cve
CVE-2021-47587
2024-06-19 15:15:53
redhatcve
redhatcve
CVE-2021-47587
2024-06-20 11:27:10
nvd
nvd
CVE-2021-47587
2024-06-19 15:15:53
debiancve
debiancve
CVE-2021-47587
2024-06-19 15:15:53
ubuntucve
ubuntucve
CVE-2021-47587
2024-06-20 00:00:00

0.0004 Low

EPSS

Percentile

13.1%

JSON
Related for CVELIST:CVE-2021-47587
cve1redhatcve1nvd1debiancve1ubuntucve1