CVE-2021-47434

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to command ring pointer corruption while aborting a command in the Linux kernel. The command ring pointer is located at [6:63] bits of the command ring control register (CRCR), and control bits like command stop and abort are located at [0:3] bits. When aborting a command, the CRCR is read, the abort bit is set, and then written to the CRCR. However, since the 64-bit write is split into two 32-bit writes, there is a possibility that the xHC command ring is stopped before the upper dword (all zeros) is written, causing xHC to update its internal command ring pointer with all zeros. This results in memory access failures when the command ring is restarted. The issue is fixed by only writing to the lower dword of CRCR where all control bits are located.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.