一、漏洞信息
漏洞编号：CVE-2021-47468
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0,6.6.0
CVSS V3.0分值：
BaseScore：0.0 None
Vector：CVSS：3.0/
漏洞简述：
In the Linux kernel, the following vulnerability has been resolved:isdn: mISDN: Fix sleeping function called from invalid contextThe driver can call card->isac.release() function from an atomiccontext.Fix this by calling this function after releasing the lock.The following log reveals it:[ 44.168226 ] BUG: sleeping function called from invalid context at kernel/workqueue.c:3018[ 44.168941 ] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5475, name: modprobe[ 44.169574 ] INFO: lockdep is turned off.[ 44.169899 ] irq event stamp: 0[ 44.170160 ] hardirqs last enabled at (0): [<0000000000000000>] 0x0[ 44.170627 ] hardirqs last disabled at (0): [] copy_process+0x132d/0x3e00[ 44.171240 ] softirqs last enabled at (0): [] copy_process+0x135a/0x3e00[ 44.171852 ] softirqs last disabled at (0): [<0000000000000000>] 0x0[ 44.172318 ] Preemption disabled at:[ 44.172320 ] [] nj_release+0x69/0x500 [netjet][ 44.174441 ] Call Trace:[ 44.174630 ] dump_stack_lvl+0xa8/0xd1[ 44.174912 ] dump_stack+0x15/0x17[ 44.175166 ] ___might_sleep+0x3a2/0x510[ 44.175459 ] ? nj_release+0x69/0x500 [netjet][ 44.175791 ] __might_sleep+0x82/0xe0[ 44.176063 ] ? start_flush_work+0x20/0x7b0[ 44.176375 ] start_flush_work+0x33/0x7b0[ 44.176672 ] ? trace_irq_enable_rcuidle+0x85/0x170[ 44.177034 ] ? kasan_quarantine_put+0xaa/0x1f0[ 44.177372 ] ? kasan_quarantine_put+0xaa/0x1f0[ 44.177711 ] __flush_work+0x11a/0x1a0[ 44.177991 ] ? flush_work+0x20/0x20[ 44.178257 ] ? lock_release+0x13c/0x8f0[ 44.178550 ] ? __kasan_check_write+0x14/0x20[ 44.178872 ] ? do_raw_spin_lock+0x148/0x360[ 44.179187 ] ? read_lock_is_recursive+0x20/0x20[ 44.179530 ] ? __kasan_check_read+0x11/0x20[ 44.179846 ] ? do_raw_spin_unlock+0x55/0x900[ 44.180168 ] ? ____kasan_slab_free+0x116/0x140[ 44.180505 ] ? _raw_spin_unlock_irqrestore+0x41/0x60[ 44.180878 ] ? skb_queue_purge+0x1a3/0x1c0[ 44.181189 ] ? kfree+0x13e/0x290[ 44.181438 ] flush_work+0x17/0x20[ 44.181695 ] mISDN_freedchannel+0xe8/0x100[ 44.182006 ] isac_release+0x210/0x260 [mISDNipac][ 44.182366 ] nj_release+0xf6/0x500 [netjet][ 44.182685 ] nj_remove+0x48/0x70 [netjet][ 44.182989 ] pci_device_remove+0xa9/0x250
漏洞公开时间：2024-05-22 15:15:11
漏洞创建时间：2024-05-22 08:31:45
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2021-47468

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

二、漏洞分析结构反馈
影响性分析说明：
Reserved.
openEuler评分：
4.7
Vector：CVSS：3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP4(4.19.90):受影响
2.openEuler-22.03-LTS-SP3(5.10.0):不受影响
3.openEuler-22.03-LTS-SP4(5.10.0):不受影响
4.master(6.6.0):不受影响
5.openEuler-24.03-LTS(6.6.0):不受影响
6.openEuler-24.03-LTS-Next(6.6.0):不受影响
7.openEuler-24.03-LTS-SP1(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP1(5.10.0):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.master(6.6.0):否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-22.03-LTS-SP4(5.10.0):否
8.openEuler-24.03-LTS-SP1(6.6.0):否

原因说明：
1.openEuler-20.03-LTS-SP4(4.19.90):正常修复
2.master(6.6.0):不受影响-漏洞代码不能被攻击者触发
3.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发
4.openEuler-22.03-LTS-SP3(5.10.0):不受影响-漏洞代码不存在
5.openEuler-22.03-LTS-SP4(5.10.0):不受影响-漏洞代码不存在
6.openEuler-24.03-LTS(6.6.0):不受影响-漏洞代码不存在
7.openEuler-24.03-LTS-SP1(6.6.0):不受影响-漏洞代码不存在