CVE-2021-47429
powerpc/64s: Fix unrecoverable MCE calling async handler from NMI
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
powerpc/64s: Fix unrecoverable MCE calling async handler from NMI
The machine check handler is not considered NMI on 64s. The early
handler is the true NMI handler, and then it schedules the
machine_check_exception handler to run when interrupts are enabled.
This works fine except the case of an unrecoverable MCE, where the true
NMI is taken when MSR[RI] is clear, it can not recover, so it calls
machine_check_exception directly so something might be done about it.
Calling an async handler from NMI context can result in irq state and
other things getting corrupted. This can also trigger the BUG at
arch/powerpc/include/asm/interrupt.h:168
BUG_ON(!arch_irq_disabled_regs(regs) && !(regs->msr & MSR_EE));
Fix this by making an _async version of the handler which is called
in the normal case, and a NMI version that is called for unrecoverable
interrupts.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/64s: corrige un MCE irrecuperable que llama al controlador asíncrono desde NMI. El controlador de verificación de la máquina no se considera NMI en 64s. El controlador inicial es el verdadero controlador NMI y luego programa el controlador machine_check_exception para que se ejecute cuando las interrupciones estén habilitadas. Esto funciona bien excepto en el caso de un MCE irrecuperable, donde el NMI verdadero se toma cuando MSR[RI] está claro, no se puede recuperar, por lo que llama a machine_check_exception directamente para que se pueda hacer algo al respecto. Llamar a un controlador asíncrono desde el contexto NMI puede provocar que el estado irq y otras cosas se corrompan. Esto también puede desencadenar el ERROR en arch/powerpc/include/asm/interrupt.h:168 BUG_ON(!arch_irq_disabled_regs(regs) && !(regs->msr & MSR_EE)); Solucione este problema creando una versión _async del controlador que se llama en el caso normal, y una versión NMI que se llama para interrupciones irrecuperables.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-21 CVE Reserved
- 2024-05-21 CVE Published
- 2024-05-22 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/2b43dd7653cca47d297756980846ebbfe8887fa1 | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://git.kernel.org/stable/c/d7a8e38999fbd6910516e44cb43f9f4317e54f73 | 2021-10-13 | |
https://git.kernel.org/stable/c/f08fb25bc66986b0952724530a640d9970fa52c1 | 2021-10-07 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2021-47429 | 2024-11-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2282302 | 2024-11-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.14 < 5.14.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.14.12" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.14 < 5.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15" | en |
Affected
|