PT-2024-11395 · Linux+2 · Linux Kernel+2

Feng Zhou

Published

2021-09-29

Updated

2024-12-24

CVE-2021-47399

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel's ixgbe driver is vulnerable to a NULL pointer dereference in the ixgbe xdp setup function. This occurs when the maximum value of num xdp queues is set to nr cpu ids, and the user sets num queues to 63 through ethtool. The code in ixgbe set rss queues sets the queues number, and when the user uses xdp, it leads to a panic. The issue arises from the fact that num rx queues is greater than num xdp queues when running ixgbe xdp setup.

Technical details about exploitation include:

The ixgbe set rss queues function sets the queues number.
The ixgbe xdp setup function leads to a panic when num rx queues is greater than num xdp queues.
The adapter->xdp ring[i]->xsk umem variable is accessed in a loop, leading to the NULL pointer dereference.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-05170

CVE-2021-47399

OPENSUSE-SU-2024_2185-1

OPENSUSE-SU-2024_2189-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2183-1

SUSE-SU-2024:2185-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2892-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2940-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2024-11395 · Linux+2 · Linux Kernel+2

CVE-2021-47399

Weakness Enumeration

Related Identifiers

Affected Products

References · 1730