PT-2024-11124 · Linux · Linux Kernel

Published: 2021-04-20 · Updated: 2025-03-19 · CVE-2021-47023

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.11.0-rc4

Description

A vulnerability in the Linux kernel has been resolved in the `net: marvell: prestera` module, in its handling of port events on init. The issue arises when port events are handled simultaneously with init: the firmware may send an initial port event with a down state, leading to a crash. The crash points to the `cancel_delayed_work()` function, which is called when the port is down. To fix the issue, the port stats work is canceled only if the port's previous state was up and running.

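The guard described above, as an added userspace model rather than the kernel driver's own code: `model_port`, `handle_event`, `replay` and the event sequences are hypothetical names and constructed inputs, and `unsafe_cancels` counts the cancel-on-a-port-that-was-never-up path the description ties to the crash.

```c
/* Userspace model of the port event handler; not kernel code. */
#include <stdbool.h>
#include <stddef.h>

enum port_evt { EVT_DOWN = 0, EVT_UP = 1 };

struct model_port {          /* hypothetical stand-in for the driver's port */
    bool running;            /* interface is running */
    bool carrier_ok;         /* last reported link state was up */
    bool stats_work_queued;  /* models the delayed port stats work */
    int  unsafe_cancels;     /* cancels issued while the port was not up */
};

static void cancel_stats_work(struct model_port *p)
{
    if (!p->carrier_ok)
        p->unsafe_cancels++; /* the path the description says crashes */
    p->stats_work_queued = false;
}

static void handle_event(struct model_port *p, enum port_evt e, bool guarded)
{
    if (e == EVT_UP) {
        p->carrier_ok = true;
        p->stats_work_queued = true;
        return;
    }
    /* Unguarded (before the fix): every down event cancels the stats work.
     * Guarded (after the fix): cancel only if the port was up and running. */
    if (guarded && !(p->running && p->carrier_ok))
        return;
    cancel_stats_work(p);
    p->carrier_ok = false;
}

/* Replay a constructed event sequence on a fresh port; returns the number of
 * unsafe cancels and reports whether the stats work is still queued. */
int replay(bool guarded, bool running, const enum port_evt *evts, size_t n,
           bool *queued_out)
{
    struct model_port p = { .running = running };
    for (size_t i = 0; i < n; i++)
        handle_event(&p, evts[i], guarded);
    if (queued_out)
        *queued_out = p.stats_work_queued;
    return p.unsafe_cancels;
}
```
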
Recommendations

To resolve the issue, update the Linux kernel to a version later than 5.11.0-rc4. As a temporary workaround, consider disabling the `prestera_port_handle_event()` function until a patch is available. Restrict access to the vulnerable `prestera_fw_wq` workqueue to minimize the risk of exploitation. Avoid using the `prestera_fw_evt_work_fn` function in the affected API endpoint until the issue is resolved.

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

BDU:2025-05307
CVE-2021-47023

Affected Products

Linux Kernel