CVE-2021-47382

s390/qeth: fix deadlock during failing recovery

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

s390/qeth: fix deadlock during failing recovery

Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removed
taking discipline_mutex inside qeth_do_reset(), fixing potential
deadlocks. An error path was missed though, that still takes
discipline_mutex and thus has the original deadlock potential.

Intermittent deadlocks were seen when a qeth channel path is configured
offline, causing a race between qeth_do_reset and ccwgroup_remove.
Call qeth_set_offline() directly in the qeth_do_reset() error case and
then a new variant of ccwgroup_set_offline(), without taking
discipline_mutex.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: s390/qeth: arreglar el punto muerto durante la recuperación fallida. La confirmación 0b9902c1fcc5 ("s390/qeth: arreglar el punto muerto durante la recuperación") se eliminó tomando discipline_mutex dentro de qeth_do_reset(), solucionando posibles puntos muertos. Sin embargo, se omitió una ruta de error que todavía requiere discipline_mutex y, por lo tanto, tiene el potencial de bloqueo original. Se observaron interbloqueos intermitentes cuando la ruta de un canal qeth se configura fuera de línea, lo que provocó una ejecución entre qeth_do_reset y ccwgroup_remove. Llame a qeth_set_offline() directamente en el caso de error qeth_do_reset() y luego a una nueva variante de ccwgroup_set_offline(), sin tomar discipline_mutex.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-05-22 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/b41b554c1ee75070a14c02a88496b1f231c7eacc	Vuln. Introduced
https://git.kernel.org/stable/c/af0c184ea106051e428b5a0b5f2dfd31cbc54c52	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0bfe741741327822d1482c7edef0184636d08b40	2021-10-07
https://git.kernel.org/stable/c/d2b59bd4b06d84a4eadb520b0f71c62fe8ec0a62	2021-09-22

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.14.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.14.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.8 Search vendor "Linux" for product "Linux Kernel" and version "5.10.8"		en		Affected