Metric | Value |
---|---|
CVSS3 | 5.5 Medium |
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
AI Score | 6.3 Medium (Confidence: Low) |
EPSS | 0.0004 Low (Percentile: 9.0%) |
In the Linux kernel, the following vulnerability has been resolved:

sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues

efx->xdp_tx_queue_count is initially initialized to num_possible_cpus() and is later used to allocate and traverse efx->xdp_tx_queues lookup array. However, we may end up not initializing all the array slots with real queues during probing. This results, for example, in a NULL pointer dereference, when running "# ethtool -S <iface>", similar to below

```
[2570283.664955][T4126959] BUG: kernel NULL pointer dereference, address: 00000000000000f8
[2570283.681283][T4126959] #PF: supervisor read access in kernel mode
[2570283.695678][T4126959] #PF: error_code(0x0000) - not-present page
[2570283.710013][T4126959] PGD 0 P4D 0
[2570283.721649][T4126959] Oops: 0000 [#1] SMP PTI
[2570283.734108][T4126959] CPU: 23 PID: 4126959 Comm: ethtool Tainted: G O 5.10.20-cloudflare-2021.3.1 #1
[2570283.752641][T4126959] Hardware name: <redacted>
[2570283.781408][T4126959] RIP: 0010:efx_ethtool_get_stats+0x2ca/0x330 [sfc]
[2570283.796073][T4126959] Code: 00 85 c0 74 39 48 8b 95 a8 0f 00 00 48 85 d2 74 2d 31 c0 eb 07 48 8b 95 a8 0f 00 00 48 63 c8 49 83 c4 08 83 c0 01 48 8b 14 ca <48> 8b 92 f8 00 00 00 49 89 54 24 f8 39 85 a0 0f 00 00 77 d7 48 8b
[2570283.831259][T4126959] RSP: 0018:ffffb79a77657ce8 EFLAGS: 00010202
[2570283.845121][T4126959] RAX: 0000000000000019 RBX: ffffb799cd0c9280 RCX: 0000000000000018
[2570283.860872][T4126959] RDX: 0000000000000000 RSI: ffff96dd970ce000 RDI: 0000000000000005
[2570283.876525][T4126959] RBP: ffff96dd86f0a000 R08: ffff96dd970ce480 R09: 000000000000005f
[2570283.892014][T4126959] R10: ffffb799cd0c9fff R11: ffffb799cd0c9000 R12: ffffb799cd0c94f8
[2570283.907406][T4126959] R13: ffffffffc11b1090 R14: ffff96dd970ce000 R15: ffffffffc11cd66c
[2570283.922705][T4126959] FS: 00007fa7723f8740(0000) GS:ffff96f51fac0000(0000) knlGS:0000000000000000
[2570283.938848][T4126959] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[2570283.952524][T4126959] CR2: 00000000000000f8 CR3: 0000001a73e6e006 CR4: 00000000007706e0
[2570283.967529][T4126959] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[2570283.982400][T4126959] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[2570283.997308][T4126959] PKRU: 55555554
[2570284.007649][T4126959] Call Trace:
[2570284.017598][T4126959] dev_ethtool+0x1832/0x2830
```

Fix this by adjusting efx->xdp_tx_queue_count after probing to reflect the true value of initialized slots in efx->xdp_tx_queues.
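
A user-space model of the pattern described above, added here as an illustration and not taken from the sfc driver or the fix commit: a count sized for every possible CPU, a lookup array only partly filled, and the effect of shrinking the count after probing. The struct layout, function names, `MAX_QUEUES` and the 32-CPU/24-queue numbers are assumptions constructed for the example.

```c
#include <stdlib.h>

/* Hypothetical model: field names follow the advisory; layout is assumed. */
struct tx_queue { unsigned long tx_packets; };
struct nic {
    unsigned int xdp_tx_queue_count;  /* slots every traversal visits */
    struct tx_queue **xdp_tx_queues;  /* lookup array, one slot per CPU */
};
#define MAX_QUEUES 64
static struct tx_queue pool[MAX_QUEUES];  /* constructed backing queues */

/* Probe: size the array for all CPUs, bind only queues that really exist. */
static int nic_probe(struct nic *n, unsigned int possible_cpus,
                     unsigned int available, int apply_fix)
{
    unsigned int i, initialized = 0;
    n->xdp_tx_queue_count = possible_cpus;
    n->xdp_tx_queues = calloc(possible_cpus, sizeof(*n->xdp_tx_queues));
    if (!n->xdp_tx_queues)
        return -1;
    for (i = 0; i < possible_cpus && i < available; i++, initialized++)
        n->xdp_tx_queues[i] = &pool[i];
    if (apply_fix)  /* the fix: count only the slots that were filled */
        n->xdp_tx_queue_count = initialized;
    return 0;
}

/* NULL slots inside the counted range; an unchecked stats walk
 * dereferences each of them. */
static unsigned int nic_null_slots(const struct nic *n)
{
    unsigned int i, nulls = 0;
    for (i = 0; i < n->xdp_tx_queue_count; i++)
        nulls += (n->xdp_tx_queues[i] == NULL);
    return nulls;
}

/* Constructed scenario; returns reachable NULL slots, or -1 on bad input. */
static int run_model(unsigned int possible_cpus, unsigned int available, int apply_fix)
{
    struct nic n;
    int nulls;
    if (available > MAX_QUEUES || nic_probe(&n, possible_cpus, available, apply_fix))
        return -1;
    nulls = (int)nic_null_slots(&n);
    free(n.xdp_tx_queues);
    return nulls;
}

int main(void)
{
    /* 32 possible CPUs, 24 real queues: 8 NULL slots before the fix, 0 after. */
    return (run_model(32, 24, 0) == 8 && run_model(32, 24, 1) == 0) ? 0 : 1;
}
```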
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/99ba0ea616aabdc8e26259fd722503e012199a76 (5.13-rc1)
git.kernel.org/stable/c/99ba0ea616aabdc8e26259fd722503e012199a76
git.kernel.org/stable/c/ebeac958b690123a0b40aa61f688f2f170035fad
launchpad.net/bugs/cve/CVE-2021-46947
nvd.nist.gov/vuln/detail/CVE-2021-46947
security-tracker.debian.org/tracker/CVE-2021-46947
www.cve.org/CVERecord?id=CVE-2021-46947