PT-2024-11189 · Linux+1 · Linux Kernel+1

Published 2021-05-18 · Updated 2024-08-19 · CVE-2021-47139

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.11.0-rc3+

Description

The vulnerability is related to the hns3 network driver in the Linux kernel. The issue arises when the netdevice is registered before the client initialization is complete, creating a time window between the device being available and usable. If a user attempts to change the channel number or ring parameter during this time, it may cause the hns3_set_rx_cpu_rmap() function to be called twice, resulting in a bug report. The vulnerability can be exploited by calling register_netdev() at the end of the hns3_client_init() function.

Recommendations

To resolve the issue, call register_netdev() at the end of the hns3_client_init() function. This ensures that the netdevice is registered only after the client initialization is complete, preventing the time window that allows the vulnerability to be exploited.
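
The ordering problem described above, as an added userspace model (not code from the hns3 driver or from this advisory). All `model_` names are hypothetical, and the teardown-then-setup behaviour of the reconfiguration handler is an assumption of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: names prefixed model_ are hypothetical. */
struct model_dev {
    bool registered;  /* register_netdev() done: user requests reach us */
    bool rmap_set;    /* rx cpu rmap currently installed */
    int double_set;   /* times rmap setup ran while already installed */
};

/* Stands in for hns3_set_rx_cpu_rmap(): must not run on a live rmap. */
static void model_set_rx_cpu_rmap(struct model_dev *d)
{
    if (d->rmap_set)
        d->double_set++;          /* the "called twice" condition */
    d->rmap_set = true;
}

/* User changes channel number or ring parameters. Assumption of this
 * model: the handler tears the rmap down and sets it up again. */
static bool model_user_reconfig(struct model_dev *d)
{
    if (!d->registered)
        return false;             /* device not visible yet: refused */
    d->rmap_set = false;
    model_set_rx_cpu_rmap(d);
    return true;
}

/* Stands in for hns3_client_init(); returns the double-setup count. */
static int model_client_init(struct model_dev *d, bool register_last)
{
    *d = (struct model_dev){0};
    if (!register_last)
        d->registered = true;     /* registered before init completes */
    model_user_reconfig(d);       /* request arriving mid-init */
    model_set_rx_cpu_rmap(d);     /* rest of client initialization */
    d->registered = true;         /* fixed ordering registers here */
    return d->double_set;
}

int main(void)
{
    struct model_dev d;
    printf("register early: %d double setup(s)\n", model_client_init(&d, false));
    printf("register last:  %d double setup(s)\n", model_client_init(&d, true));
    return 0;
}
```

With registration moved to the end, the mid-init request is refused and a later reconfiguration on the fully initialized device sets the rmap up only once.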

Fix

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

BDU:2025-13700
CVE-2021-47139
OPENSUSE-SU-2024_1489-1
SUSE-SU-2024:1454-1
SUSE-SU-2024:1465-1
SUSE-SU-2024:1489-1

Affected Products

Linux Kernel
Suse