CVE-2021-47617

{"id": "CVE-2021-47617", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-06-20T11:15:54.317", "references": [{"url": "https://git.kernel.org/stable/c/1db58c6584a72102e98af2e600ea184ddaf2b8af", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/23584c1ed3e15a6f4bfab8dc5a88d94ab929ee12", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3b4c966fb156ff3e70b2526d964952ff7c1574d9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/464da38ba827f670deac6500a1de9a4f0f44c41d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6d6f1f0dac3e3441ecdb1103d4efb11b9ed24dd5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ff27f7d0333cff89ec85c419f431aca1b38fb16a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: pciehp: Fix infinite loop in IRQ handler upon power fault\n\nThe Power Fault Detected bit in the Slot Status register differs from\nall other hotplug events in that it is sticky: It can only be cleared\nafter turning off slot power. Per PCIe r5.0, sec. 6.7.1.8:\n\n If a power controller detects a main power fault on the hot-plug slot,\n it must automatically set its internal main power fault latch [...].\n The main power fault latch is cleared when software turns off power to\n the hot-plug slot.\n\nThe stickiness used to cause interrupt storms and infinite loops which\nwere fixed in 2009 by commits 5651c48cfafe (\"PCI pciehp: fix power fault\ninterrupt storm problem\") and 99f0169c17f3 (\"PCI: pciehp: enable\nsoftware notification on empty slots\").\n\nUnfortunately in 2020 the infinite loop issue was inadvertently\nreintroduced by commit 8edf5332c393 (\"PCI: pciehp: Fix MSI interrupt\nrace\"): The hardirq handler pciehp_isr() clears the PFD bit until\npciehp's power_fault_detected flag is set. That happens in the IRQ\nthread pciehp_ist(), which never learns of the event because the hardirq\nhandler is stuck in an infinite loop. Fix by setting the\npower_fault_detected flag already in the hardirq handler."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: pciehp: soluciona el bucle infinito en el controlador IRQ ante un fallo de alimentaci\u00f3n. El bit de fallo de alimentaci\u00f3n detectado en el registro de estado de la ranura se diferencia de todos los dem\u00e1s eventos de conexi\u00f3n en caliente en que es fijo: solo puede borrarse despu\u00e9s de apagar la alimentaci\u00f3n de la ranura. Por PCIe r5.0, seg. 6.7.1.8: Si un controlador de energ\u00eda detecta una falla de energ\u00eda principal en la ranura de conexi\u00f3n en caliente, debe configurar autom\u00e1ticamente su pestillo interno de falla de energ\u00eda principal [...]. El bloqueo de fallo de alimentaci\u00f3n principal se borra cuando el software corta la alimentaci\u00f3n a la ranura de conexi\u00f3n en caliente. La rigidez sol\u00eda causar tormentas de interrupci\u00f3n y bucles infinitos que se solucionaron en 2009 mediante los commits 5651c48cfafe (\"PCI pciehp: solucionar el problema de la tormenta de interrupci\u00f3n por falla de energ\u00eda\") y 99f0169c17f3 (\"PCI: pciehp: habilitar la notificaci\u00f3n de software en ranuras vac\u00edas\"). Desafortunadamente, en 2020, el problema del bucle infinito se reintrodujo inadvertidamente mediante el commit 8edf5332c393 (\"PCI: pciehp: arreglar carrera de interrupci\u00f3n MSI\"): el controlador hardirq pciehp_isr() borra el bit PFD hasta que se establece el indicador power_fault_detected de pciehp. Eso sucede en el hilo IRQ pciehp_ist(), que nunca se entera del evento porque el controlador hardirq est\u00e1 atrapado en un bucle infinito. Para solucionarlo, configure el indicador power_fault_detected que ya est\u00e1 en el controlador hardirq."}], "lastModified": "2024-09-18T17:46:30.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C4F4C94-0B11-4523-8E15-6809491F03E7", "versionEndExcluding": "4.19.233", "versionStartIncluding": "4.19.149"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC6656B0-C3FE-4435-AE38-F8C01F20D481", "versionEndExcluding": "5.4.177", "versionStartIncluding": "5.4.69"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE8E786E-EFD7-410D-96DA-B24D81B51B12", "versionEndExcluding": "5.10.97", "versionStartIncluding": "5.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C68FC5B4-CC13-45E9-8050-EF9025F7A9B7", "versionEndExcluding": "5.15.20", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6739D89E-32C3-479D-B5F6-6865C5061FA5", "versionEndExcluding": "5.16.6", "versionStartIncluding": "5.16"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}