PT-2021-8218 · Linux+4 · Linux Kernel+4

Florian Fainelli · Published 2021-12-16 · Updated 2025-05-13 · CVE-2021-47587

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is in the systemport component of the Linux kernel. The locking mechanism used today only protects concurrency within a given transmit queue, between the transmit and reclaim paths. This creates an opportunity for the SYSTEMPORT hardware to work on corrupted descriptors if there are multiple producers at once, which is the case when multiple transmit queues are in use.

The SYSTEMPORT hardware maintains an internal descriptor list that it re-arranges whenever the driver produces a new descriptor by writing to the WRITE PORT {HI,LO} registers. The hardware takes some time to re-organize its descriptors, however, and concurrent TX queues can eventually break this internal allocation scheme to the point where the length/status part of a descriptor gets used for an incorrect data buffer.

This was particularly noticeable when using multiple flows/transmit queues, and it showed up in interesting ways: UDP packets got a correct UDP header checksum calculated over an incorrect packet length, and similarly TCP packets got an equally correct checksum computed by the hardware over an incorrect packet length.

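
The lock-scope problem described above can be reproduced in a small deterministic model. This is an added example, not code from the kernel driver or from this advisory: the single shared latch, the `run` scheduler, the lock that spans all queues and the packet values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model (assumption, not the SYSTEMPORT register layout): a
 * descriptor is produced by two writes, HI (length/status) then LO (buffer
 * address), and the device pairs the last HI value with each LO write. */
struct desc { unsigned len_status, buf; };
struct dev { unsigned hi_latch; struct desc list[4]; int count; };

static void write_port_hi(struct dev *d, unsigned v) { d->hi_latch = v; }
static void write_port_lo(struct dev *d, unsigned buf)
{
    d->list[d->count].len_status = d->hi_latch;
    d->list[d->count++].buf = buf;
}

/* Constructed traffic: queue q sends one packet of length 100*(q+1)
 * from buffer 0x1000*(q+1), so a mismatched pair is easy to spot. */
static unsigned pkt_len(int q) { return 100u * (unsigned)(q + 1); }
static unsigned pkt_buf(int q) { return 0x1000u * (unsigned)(q + 1); }

/* CPU schedule: queue 0 and queue 1 alternate between their two writes. */
static const int INTERLEAVED[4] = { 0, 1, 0, 1 };

/* Replays the schedule for nq <= 4 queues (each must appear in sched).
 * With device_lock, a queue holds one lock from its HI write to its LO
 * write and the others spin; without it only per-queue locks exist, which
 * never block a different queue. Returns the number of corrupted pairs. */
static int run(const int *sched, int n, int nq, bool device_lock)
{
    struct dev d = { 0 };
    int step[4] = { 0 }, owner = -1, done = 0, bad = 0;

    while (done < nq)
        for (int i = 0; i < n; i++) {
            int q = sched[i];
            if (step[q] == 2 || (device_lock && owner >= 0 && owner != q))
                continue;                       /* finished, or spinning */
            if (step[q]++ == 0) { owner = q; write_port_hi(&d, pkt_len(q)); }
            else { write_port_lo(&d, pkt_buf(q)); owner = -1; done++; }
        }
    for (int i = 0; i < d.count; i++)
        bad += d.list[i].len_status * 0x1000u != d.list[i].buf * 100u;
    return bad;
}

int main(void)
{
    printf("per-queue locks only: %d corrupted\n", run(INTERLEAVED, 4, 2, false));
    printf("device-wide lock:     %d corrupted\n", run(INTERLEAVED, 4, 2, true));
    return 0;
}
```

With per-queue locks only, queue 0's buffer is committed with queue 1's length, which is the kind of length/buffer mismatch the description reports; holding one lock across the whole descriptor write removes it in this model.
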
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Locking

Related Identifiers

BDU:2024-11531
CVE-2021-47587
OPENSUSE-SU-2024_2372-1
OPENSUSE-SU-2024_2394-1
SUSE-SU-2024:2360-1
SUSE-SU-2024:2372-1
SUSE-SU-2024:2381-1
SUSE-SU-2024:2394-1
SUSE-SU-2024:2561-1
SUSE-SU-2024:2902-1
SUSE-SU-2024:2929-1
SUSE-SU-2024:2939-1
USN-7506-1
USN-7506-2
USN-7506-3
USN-7506-4

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse
Ubuntu