Marta Plantykow

Researcher from Intel
#40057 of 53,638
6.8 Total CVSS
Vulnerabilities · 1
PT-2024-8985
6.8
2024-05-24
Linux · Linux Kernel · CVE-2021-47563
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.0-rc5+

Description: The issue is related to the ice driver in the Linux kernel, which manages XDP resources shared between the ndo_bpf op and the VSI rebuild flow. When the VSI is being rebuilt, there is a problem with bpf_prog refcounting. The ice_prepare_xdp_rings() function is called with vsi->xdp_prog as an argument, which is later used by ice_vsi_assign_bpf_prog(). This causes the same bpf_prog pointers to be swapped, leading to a decrement in refcount when bpf_prog_put is called. As a result, the bpf_prog may be wiped out from the system while the kernel still tries to refer to it.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.