PT-2021-8079 · Linux+3 · Linux Kernel+3
Published: 2021-12-22 · Updated: 2024-08-19
CVE-2021-46931
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel version 5.13.0 mlnx
Description
The vulnerability is in the function mlx5e_tx_reporter_dump_sq() in the net/mlx5e component of the Linux kernel. This function casts its void * argument to struct mlx5e_txqsq *, but in the TX-timeout-recovery flow the argument is actually of type struct mlx5e_tx_timeout_ctx *. The mismatched cast can lead to a kernel stack overflow and a fatal exception. The fix is to add a wrapper for mlx5e_tx_reporter_dump_sq() that extracts the sq from struct mlx5e_tx_timeout_ctx, and to set that wrapper as the dump callback of the TX-timeout-recovery flow.
Recommendations
To resolve the issue, add a wrapper for mlx5e_tx_reporter_dump_sq() which extracts the sq from struct mlx5e_tx_timeout_ctx, and set the wrapper as the TX-timeout-recovery flow dump callback. As a temporary workaround, consider disabling the mlx5e_tx_reporter_dump_sq() function until a patch is available.
Exploit
Fix
Memory Corruption
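The wrapper fix from the description, as an added userspace model that is not the driver's code: the struct layouts, `dump_sq`, `timeout_dump_sq` and the other names are simplified, hypothetical stand-ins for the kernel identifiers named above. It shows why a callback that casts `void *` to the queue type must not be registered for a flow that passes the timeout context, and how the wrapper restores the expected type.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the structures named in the advisory. */
struct txqsq { unsigned int sqn, cc, pc; };
struct tx_timeout_ctx { struct txqsq *sq; int status; };

typedef unsigned int (*dump_cb)(void *ctx);

/* Dump callback: only correct when ctx really is a struct txqsq *. */
static unsigned int dump_sq(void *ctx)
{
    struct txqsq *sq = ctx;
    return sq->sqn;
}

/* Fix pattern: wrapper for the timeout flow, whose ctx is a tx_timeout_ctx. */
static unsigned int timeout_dump_sq(void *ctx)
{
    struct tx_timeout_ctx *to_ctx = ctx;
    return dump_sq(to_ctx->sq);
}

/* Model of the bug without invoking it: the value dump_sq() would take for
 * sqn if handed the timeout ctx, i.e. the first bytes of the sq pointer. */
static unsigned int misread_sqn(const struct tx_timeout_ctx *to_ctx)
{
    unsigned int v;
    memcpy(&v, to_ctx, sizeof v);
    return v;
}

static struct txqsq sample_sq = { 43, 7, 9 };          /* constructed sample */
static struct tx_timeout_ctx sample_ctx = { &sample_sq, 0 };

/* Timeout-recovery model: invokes whichever dump callback was registered. */
static unsigned int recover_dump(dump_cb cb) { return cb(&sample_ctx); }

static unsigned int demo_fixed(void)   { return recover_dump(timeout_dump_sq); }
static unsigned int demo_misread(void) { return misread_sqn(&sample_ctx); }

int main(void)
{
    printf("wrapper registered: sqn=%u\n", demo_fixed());
    printf("raw cast would read: sqn=%u (pointer bytes)\n", demo_misread());
    return 0;
}
```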
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Os
Suse