CVE-2021-47174

In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to
non-AVX2 version Arturo reported this backtrace: [709732.358791] WARNING:
CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128
kernel_fpu_begin_mask+0xae/0xe0 [709732.358793] Modules linked in:
binfmt_misc nft_nat nft_chain_nat nf_nat nft_counter nft_ct nf_tables
nf_conntrack_netlink nfnetlink 8021q garp stp mrp llc vrf intel_rapl_msr
intel_rapl_common skx_edac nfit libnvdimm ipmi_ssif x86_pkg_temp_thermal
intel_powerclamp coretemp crc32_pclmul mgag200 ghash_clmulni_intel
drm_kms_helper cec aesni_intel drm libaes crypto_simd cryptd glue_helper
mei_me dell_smbios iTCO_wdt evdev intel_pmc_bxt iTCO_vendor_support dcdbas
pcspkr rapl dell_wmi_descriptor wmi_bmof sg i2c_algo_bit watchdog mei
acpi_ipmi ipmi_si button nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
ipmi_devintf ipmi_msghandler ip_tables x_tables autofs4 ext4 crc16 mbcache
jbd2 dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq
async_xor async_tx xor sd_mod t10_pi crc_t10dif crct10dif_generic raid6_pq
libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod ahci libahci
tg3 libata xhci_pci libphy xhci_hcd ptp usbcore crct10dif_pclmul
crct10dif_common bnxt_en crc32c_intel scsi_mod [709732.358941] pps_core
i2c_i801 lpc_ich i2c_smbus wmi usb_common [709732.358957] CPU: 3 PID: 456
Comm: jbd2/dm-0-8 Not tainted 5.10.0-0.bpo.5-amd64 #1 Debian
5.10.24-1~bpo10+1 [709732.358959] Hardware name: Dell Inc. PowerEdge
R440/04JN2K, BIOS 2.9.3 09/23/2020 [709732.358964] RIP:
0010:kernel_fpu_begin_mask+0xae/0xe0 [709732.358969] Code: ae 54 24 04 83
e3 01 75 38 48 8b 44 24 08 65 48 33 04 25 28 00 00 00 75 33 48 83 c4 10 5b
c3 65 8a 05 5e 21 5e 76 84 c0 74 92 <0f> 0b eb 8e f0 80 4f 01 40 48 81 c7
00 14 00 00 e8 dd fb ff ff eb [709732.358972] RSP: 0018:ffffbb9700304740
EFLAGS: 00010202 [709732.358976] RAX: 0000000000000001 RBX:
0000000000000003 RCX: 0000000000000001 [709732.358979] RDX:
ffffbb9700304970 RSI: ffff922fe1952e00 RDI: 0000000000000003
[709732.358981] RBP: ffffbb9700304970 R08: ffff922fc868a600 R09:
ffff922fc711e462 [709732.358984] R10: 000000000000005f R11:
ffff922ff0b27180 R12: ffffbb9700304960 [709732.358987] R13:
ffffbb9700304b08 R14: ffff922fc664b6c8 R15: ffff922fc664b660
[709732.358990] FS: 0000000000000000(0000) GS:ffff92371fec0000(0000)
knlGS:0000000000000000 [709732.358993] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033 [709732.358996] CR2: 0000557a6655bdd0 CR3:
000000026020a001 CR4: 00000000007706e0 [709732.358999] DR0:
0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[709732.359001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400 [709732.359003] PKRU: 55555554 [709732.359005] Call Trace:
[709732.359009] <IRQ> [709732.359035] nft_pipapo_avx2_lookup+0x4c/0x1cba
[nf_tables] [709732.359046] ? sched_clock+0x5/0x10 [709732.359054] ?
sched_clock_cpu+0xc/0xb0 [709732.359061] ? record_times+0x16/0x80
[709732.359068] ? plist_add+0xc1/0x100 [709732.359073] ?
psi_group_change+0x47/0x230 [709732.359079] ? skb_clone+0x4d/0xb0
[709732.359085] ? enqueue_task_rt+0x22b/0x310 [709732.359098] ?
bnxt_start_xmit+0x1e8/0xaf0 [bnxt_en] [709732.359102] ?
packet_rcv+0x40/0x4a0 [709732.359121] nft_lookup_eval+0x59/0x160
[nf_tables] [709732.359133] nft_do_chain+0x350/0x500 [nf_tables]
[709732.359152] ? nft_lookup_eval+0x59/0x160 [nf_tables] [709732.359163] ?
nft_do_chain+0x364/0x500 [nf_tables] [709732.359172] ?
fib4_rule_action+0x6d/0x80 [709732.359178] ? fib_rules_lookup+0x107/0x250
[709732.359184] nft_nat_do_chain+0x8a/0xf2 [nft_chain_nat] [709732.359193]
nf_nat_inet_fn+0xea/0x210 [nf_nat] [709732.359202]
nf_nat_ipv4_out+0x14/0xa0 [nf_nat] [709732.359207] nf_hook_slow+0x44/0xc0
[709732.359214] ip_output+0xd2/0x100 [709732.359221] ?
__ip_finish_output+0x210/0x210 [709732.359226] ip_forward+0x37d/0x4a0
[709732.359232] ? ip4_key_hashfn+0xb0/0xb0 [709732.359238] ip_subli
—truncated—