CVE-2021-47333
misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
There is an issue with the ASPM(optional) capability checking function.
A device might be attached to root complex directly, in this case,
bus->self(bridge) will be NULL, thus priv->parent_pdev is NULL.
Since alcor_pci_init_check_aspm(priv->parent_pdev) checks the PCI link's
ASPM capability and populate parent_cap_off, which will be used later by
alcor_pci_aspm_ctrl() to dynamically turn on/off device, what we can do
here is to avoid checking the capability if we are on the root complex.
This will make pdev_cap_off 0 and alcor_pci_aspm_ctrl() will simply
return when bring called, effectively disable ASPM for the device.
[ 1.246492] BUG: kernel NULL pointer dereference, address: 00000000000000c0
[ 1.248731] RIP: 0010:pci_read_config_byte+0x5/0x40
[ 1.253998] Call Trace:
[ 1.254131] ? alcor_pci_find_cap_offset.isra.0+0x3a/0x100 [alcor_pci]
[ 1.254476] alcor_pci_probe+0x169/0x2d5 [alcor_pci]
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: misc: alcor_pci: corrige null-ptr-deref cuando no hay un puente PCI. Hay un problema con la función de verificación de capacidad ASPM (opcional). Un dispositivo se puede conectar directamente al complejo root; en este caso, bus->self(bridge) será NULL, por lo tanto, priv->parent_pdev es NULL. Dado que alcor_pci_init_check_aspm(priv->parent_pdev) verifica la capacidad ASPM del enlace PCI y completa parent_cap_off, que será utilizado más adelante por alcor_pci_aspm_ctrl() para encender/apagar dinámicamente el dispositivo, lo que podemos hacer aquí es evitar verificar la capacidad si estamos encendidos. el complejo raíz. Esto hará que pdev_cap_off sea 0 y alcor_pci_aspm_ctrl() simplemente regrese cuando se llame a Bring, deshabilitando efectivamente ASPM para el dispositivo. [1.246492] BUG: desreferencia del puntero NULL del kernel, dirección: 00000000000000c0 [1.248731] RIP: 0010:pci_read_config_byte+0x5/0x40 [1.253998] Seguimiento de llamadas: [1.254131]? alcor_pci_find_cap_offset.isra.0+0x3a/0x100 [alcor_pci] [ 1.254476] alcor_pci_probe+0x169/0x2d5 [alcor_pci]
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-21 CVE Reserved
- 2024-05-21 CVE Published
- 2024-05-22 EPSS Updated
- 2024-11-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.4.134 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.134" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.10.52 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.52" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.12.19 Search vendor "Linux" for product "Linux Kernel" and version " < 5.12.19" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.13.4 Search vendor "Linux" for product "Linux Kernel" and version " < 5.13.4" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.14 Search vendor "Linux" for product "Linux Kernel" and version " < 5.14" | en |
Affected
| ||||||