CVE-2021-47584

{"id": "CVE-2021-47584", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-06-19T15:15:52.947", "references": [{"url": "https://git.kernel.org/stable/c/3a1a4eb574178c21241a6200f4785572e661c472", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a7c80674538f15f85d68138240aae440b8039519", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/edaa26334c117a584add6053f48d63a988d25a6e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-369"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niocost: Fix divide-by-zero on donation from low hweight cgroup\n\nThe donation calculation logic assumes that the donor has non-zero\nafter-donation hweight, so the lowest active hweight a donating cgroup can\nhave is 2 so that it can donate 1 while keeping the other 1 for itself.\nEarlier, we only donated from cgroups with sizable surpluses so this\ncondition was always true. However, with the precise donation algorithm\nimplemented, f1de2439ec43 (\"blk-iocost: revamp donation amount\ndetermination\") made the donation amount calculation exact enabling even low\nhweight cgroups to donate.\n\nThis means that in rare occasions, a cgroup with active hweight of 1 can\nenter donation calculation triggering the following warning and then a\ndivide-by-zero oops.\n\n WARNING: CPU: 4 PID: 0 at block/blk-iocost.c:1928 transfer_surpluses.cold+0x0/0x53 [884/94867]\n ...\n RIP: 0010:transfer_surpluses.cold+0x0/0x53\n Code: 92 ff 48 c7 c7 28 d1 ab b5 65 48 8b 34 25 00 ae 01 00 48 81 c6 90 06 00 00 e8 8b 3f fe ff 48 c7 c0 ea ff ff ff e9 95 ff 92 ff <0f> 0b 48 c7 c7 30 da ab b5 e8 71 3f fe ff 4c 89 e8 4d 85 ed 74 0\n4\n ...\n Call Trace:\n <IRQ>\n ioc_timer_fn+0x1043/0x1390\n call_timer_fn+0xa1/0x2c0\n __run_timers.part.0+0x1ec/0x2e0\n run_timer_softirq+0x35/0x70\n ...\n iocg: invalid donation weights in /a/b: active=1 donating=1 after=0\n\nFix it by excluding cgroups w/ active hweight < 2 from donating. Excluding\nthese extreme low hweight donations shouldn't affect work conservation in\nany meaningful way."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iocost: corrige la divisi\u00f3n por cero en la donaci\u00f3n de un grupo c de bajo peso. La l\u00f3gica de c\u00e1lculo de la donaci\u00f3n supone que el donante tiene un peso posterior a la donaci\u00f3n distinto de cero, por lo que el peso activo m\u00e1s bajo es una donaci\u00f3n. cgroup puede tener 2 para poder donar 1 y conservar el otro para s\u00ed mismo. Anteriormente, solo don\u00e1bamos de grupos comunitarios con excedentes considerables, por lo que esta condici\u00f3n siempre fue cierta. Sin embargo, con el algoritmo de donaci\u00f3n preciso implementado, f1de2439ec43 (\"blk-iocost: renovar la determinaci\u00f3n del monto de la donaci\u00f3n\") hizo que el c\u00e1lculo del monto de la donaci\u00f3n fuera exacto, permitiendo que incluso los grupos de bajo peso donaran. Esto significa que, en raras ocasiones, un grupo con un peso activo de 1 puede ingresar al c\u00e1lculo de la donaci\u00f3n, lo que genera la siguiente advertencia y luego una divisi\u00f3n por cero. ADVERTENCIA: CPU: 4 PID: 0 en block/blk-iocost.c:1928 transfer_surpluses.cold+0x0/0x53 [884/94867] ... RIP: 0010:transfer_surpluses.cold+0x0/0x53 C\u00f3digo: 92 y siguientes 48 c7 c7 28 d1 ab b5 65 48 8b 34 25 00 ae 01 00 48 81 c6 90 06 00 00 e8 8b 3f fe ff 48 c7 c0 ea ff ff ff e9 95 ff 92 ff &lt;0f&gt; 0b 48 c7 c7 30 da ab b5 e8 71 3f fe ff 4c 89 e8 4d 85 ed 74 0 4 ... Seguimiento de llamadas: ioc_timer_fn+0x1043/0x1390 call_timer_fn+0xa1/0x2c0 __run_timers.part.0+0x1ec/0x2e0 run_timer_softirq+0x35/0x70 ... iocg : pesos de donaci\u00f3n no v\u00e1lidos en /a/b: activo=1 donaci\u00f3n=1 despu\u00e9s=0 Corr\u00edjalo excluyendo cgroups con hweight activo &lt; 2 de la donaci\u00f3n. Excluir estas donaciones de peso extremadamente bajo no deber\u00eda afectar la conservaci\u00f3n del trabajo de ninguna manera significativa."}], "lastModified": "2024-08-19T18:35:20.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB4181F8-6C8B-4641-A13A-D558F76ABA69", "versionEndExcluding": "5.10.88", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11274E95-438A-449A-B100-01B2B0046669", "versionEndExcluding": "5.15.11", "versionStartIncluding": "5.11"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}