// For flags

CVE-2021-47453

ice: Avoid crash from unnecessary IDA free

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ice: Avoid crash from unnecessary IDA free

In the remove path, there is an attempt to free the aux_idx IDA whether
it was allocated or not. This can potentially cause a crash when
unloading the driver on systems that do not initialize support for RDMA.
But, this free cannot be gated by the status bit for RDMA, since it is
allocated if the driver detects support for RDMA at probe time, but the
driver can enter into a state where RDMA is not supported after the IDA
has been allocated at probe time and this would lead to a memory leak.

Initialize aux_idx to an invalid value and check for a valid value when
unloading to determine if an IDA free is necessary.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ice: Evite fallas por IDA innecesario libre en la ruta de eliminación, hay un intento de liberar el IDA aux_idx, ya sea que esté asignado o no. Potencialmente, esto puede provocar un bloqueo al descargar el controlador en sistemas que no inicializan la compatibilidad con RDMA. Sin embargo, esta liberación no puede ser controlada por el bit de estado para RDMA, ya que se asigna si el controlador detecta soporte para RDMA en el momento de la prueba, pero el controlador puede entrar en un estado en el que RDMA no es compatible después de que se haya asignado el IDA en el momento de la prueba. tiempo y esto provocaría una pérdida de memoria. Inicialice aux_idx con un valor no válido y verifique si hay un valor válido al descargar para determinar si es necesaria una IDA libre.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-21 CVE Reserved
  • 2024-05-22 CVE Published
  • 2024-05-22 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.14 < 5.14.15
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.14.15"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.14 < 5.15
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15"
en
Affected