CVE-2021-47015

一、漏洞信息
 漏洞编号：[CVE-2021-47015](https://nvd.nist.gov/vuln/detail/CVE-2021-47015)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0
 CVSS V2.0分值：
  BaseScore：0.0 Low
  Vector：CVSS：2.0/
 漏洞简述：
  In the Linux kernel, the following vulnerability has been resolved:bnxt_en: Fix RX consumer index logic in the error path.In bnxt_rx_pkt(), the RX buffers are expected to complete in order.If the RX consumer index indicates an out of order buffer completion,it means we are hitting a hardware bug and the driver will abort allremaining RX packets and reset the RX ring.  The RX consumer indexthat we pass to bnxt_discard_rx() is not correct.  We should bepassing the current index (tmp_raw_cons) instead of the old index(raw_cons).  This bug can cause us to be at the wrong index whentrying to abort the next RX packet.  It can crash like this: #0 [ffff9bbcdf5c39a8] machine_kexec at ffffffff9b05e007 #1 [ffff9bbcdf5c3a00] __crash_kexec at ffffffff9b111232 #2 [ffff9bbcdf5c3ad0] panic at ffffffff9b07d61e #3 [ffff9bbcdf5c3b50] oops_end at ffffffff9b030978 #4 [ffff9bbcdf5c3b78] no_context at ffffffff9b06aaf0 #5 [ffff9bbcdf5c3bd8] __bad_area_nosemaphore at ffffffff9b06ae2e #6 [ffff9bbcdf5c3c28] bad_area_nosemaphore at ffffffff9b06af24 #7 [ffff9bbcdf5c3c38] __do_page_fault at ffffffff9b06b67e #8 [ffff9bbcdf5c3cb0] do_page_fault at ffffffff9b06bb12 #9 [ffff9bbcdf5c3ce0] page_fault at ffffffff9bc015c5    [exception RIP: bnxt_rx_pkt+237]    RIP: ffffffffc0259cdd  RSP: ffff9bbcdf5c3d98  RFLAGS: 00010213    RAX: 000000005dd8097f  RBX: ffff9ba4cb11b7e0  RCX: ffffa923cf6e9000    RDX: 0000000000000fff  RSI: 0000000000000627  RDI: 0000000000001000    RBP: ffff9bbcdf5c3e60   R8: 0000000000420003   R9: 000000000000020d    R10: ffffa923cf6ec138  R11: ffff9bbcdf5c3e83  R12: ffff9ba4d6f928c0    R13: ffff9ba4cac28080  R14: ffff9ba4cb11b7f0  R15: ffff9ba4d5a30000    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 漏洞公开时间：2024-02-28 17:15:38
 漏洞创建时间：2024-02-28 19:31:43
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2021-47015
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/3fbc5bc651d688fbea2a59cdc91520a2f5334d0a |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/4fcaad2b7dac3f16704f8118c7e481024ddbd3ed |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/b1523e4ba293b2a32d9fabaf70c1dcaa6e3e2847 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/bbd6f0a948139970f4a615dff189d9a503681a39 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/e187ef83c04a5d23e68d39cfdff1a1931e29890c |  |
| redhat_bugzilla | https://lore.kernel.org/linux-cve-announce/2024022832-CVE-2021-47015-c2ae@gregkh/T/#u | https://bugzilla.redhat.com/show_bug.cgi?id=2266760 |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

无
</details>

二、漏洞分析结构反馈
 影响性分析说明：
      In the Linux kernel, the following vulnerability has been resolved:bnxt_en: Fix RX consumer index logic in the error path.In bnxt_rx_pkt(), the RX buffers are expected to complete in order.If the RX consumer index indicates an out of order buffer completion,it means we are hitting a hardware bug and the driver will abort allremaining RX packets and reset the RX ring.  The RX consumer indexthat we pass to bnxt_discard_rx() is not correct.  We should bepassing the current index (tmp_raw_cons) instead of the old index(raw_cons).  This bug can cause us to be at the wrong index whentrying to abort the next RX packet.  It can crash like this: #0 [ffff9bbcdf5c39a8] machine_kexec at ffffffff9b05e007 #1 [ffff9bbcdf5c3a00] __crash_kexec at ffffffff9b111232 #2 [ffff9bbcdf5c3ad0] panic at ffffffff9b07d61e #3 [ffff9bbcdf5c3b50] oops_end at ffffffff9b030978 #4 [ffff9bbcdf5c3b78] no_context at ffffffff9b06aaf0 #5 [ffff9bbcdf5c3bd8] __bad_area_nosemaphore at ffffffff9b06ae2e #6 [ffff9bbcdf5c3c28] bad_area_nosemaphore at ffffffff9b06af24 #7 [ffff9bbcdf5c3c38] __do_page_fault at ffffffff9b06b67e #8 [ffff9bbcdf5c3cb0] do_page_fault at ffffffff9b06bb12 #9 [ffff9bbcdf5c3ce0] page_fault at ffffffff9bc015c5    [exception RIP: bnxt_rx_pkt+237]    RIP: ffffffffc0259cdd  RSP: ffff9bbcdf5c3d98  RFLAGS: 00010213    RAX: 000000005dd8097f  RBX: ffff9ba4cb11b7e0  RCX: ffffa923cf6e9000    RDX: 0000000000000fff  RSI: 0000000000000627  RDI: 0000000000001000    RBP: ffff9bbcdf5c3e60   R8: 0000000000420003   R9: 000000000000020d    R10: ffffa923cf6ec138  R11: ffff9bbcdf5c3e83  R12: ffff9ba4d6f928c0    R13: ffff9ba4cac28080  R14: ffff9ba4cb11b7f0  R15: ffff9ba4d5a30000    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018  
 openEuler评分：
  6.0
 Vector：CVSS：2.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1(4.19.90):受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS(5.10.0):不受影响
4.openEuler-22.03-LTS-SP1(5.10.0):不受影响
5.openEuler-22.03-LTS-SP2(5.10.0):不受影响
6.openEuler-22.03-LTS-SP3:不受影响
7.master(6.1.0):不受影响
8.openEuler-22.03-LTS-Next(5.10.0):不受影响
9.openEuler-24.03-LTS:不受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS(5.10.0):否
4.openEuler-22.03-LTS-SP1(5.10.0):否
5.openEuler-22.03-LTS-SP2(5.10.0):否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next(5.10.0):否
9.openEuler-24.03-LTS:否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2024-1346

src-openEuler/kernel
Closed

Content Risk Flag

Comments (8)

src-openEuler/kernelClosed .gitee-modal { width: 500px !important; }

Content Risk Flag

CVE-2021-47015

Comments (8)

Search

src-openEuler/kernel
Closed