CVE-2021-47468

isdn: mISDN: Fix sleeping function called from invalid context

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

isdn: mISDN: Fix sleeping function called from invalid context

The driver can call card->isac.release() function from an atomic
context.

Fix this by calling this function after releasing the lock.

The following log reveals it:

[ 44.168226 ] BUG: sleeping function called from invalid context at kernel/workqueue.c:3018
[ 44.168941 ] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5475, name: modprobe
[ 44.169574 ] INFO: lockdep is turned off.
[ 44.169899 ] irq event stamp: 0
[ 44.170160 ] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[ 44.170627 ] hardirqs last disabled at (0): [<ffffffff814209ed>] copy_process+0x132d/0x3e00
[ 44.171240 ] softirqs last enabled at (0): [<ffffffff81420a1a>] copy_process+0x135a/0x3e00
[ 44.171852 ] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 44.172318 ] Preemption disabled at:
[ 44.172320 ] [<ffffffffa009b0a9>] nj_release+0x69/0x500 [netjet]
[ 44.174441 ] Call Trace:
[ 44.174630 ] dump_stack_lvl+0xa8/0xd1
[ 44.174912 ] dump_stack+0x15/0x17
[ 44.175166 ] ___might_sleep+0x3a2/0x510
[ 44.175459 ] ? nj_release+0x69/0x500 [netjet]
[ 44.175791 ] __might_sleep+0x82/0xe0
[ 44.176063 ] ? start_flush_work+0x20/0x7b0
[ 44.176375 ] start_flush_work+0x33/0x7b0
[ 44.176672 ] ? trace_irq_enable_rcuidle+0x85/0x170
[ 44.177034 ] ? kasan_quarantine_put+0xaa/0x1f0
[ 44.177372 ] ? kasan_quarantine_put+0xaa/0x1f0
[ 44.177711 ] __flush_work+0x11a/0x1a0
[ 44.177991 ] ? flush_work+0x20/0x20
[ 44.178257 ] ? lock_release+0x13c/0x8f0
[ 44.178550 ] ? __kasan_check_write+0x14/0x20
[ 44.178872 ] ? do_raw_spin_lock+0x148/0x360
[ 44.179187 ] ? read_lock_is_recursive+0x20/0x20
[ 44.179530 ] ? __kasan_check_read+0x11/0x20
[ 44.179846 ] ? do_raw_spin_unlock+0x55/0x900
[ 44.180168 ] ? ____kasan_slab_free+0x116/0x140
[ 44.180505 ] ? _raw_spin_unlock_irqrestore+0x41/0x60
[ 44.180878 ] ? skb_queue_purge+0x1a3/0x1c0
[ 44.181189 ] ? kfree+0x13e/0x290
[ 44.181438 ] flush_work+0x17/0x20
[ 44.181695 ] mISDN_freedchannel+0xe8/0x100
[ 44.182006 ] isac_release+0x210/0x260 [mISDNipac]
[ 44.182366 ] nj_release+0xf6/0x500 [netjet]
[ 44.182685 ] nj_remove+0x48/0x70 [netjet]
[ 44.182989 ] pci_device_remove+0xa9/0x250

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: isdn: mISDN: corrige la función de suspensión llamada desde un contexto no válido. El controlador puede llamar a la función card->isac.release() desde un contexto atómico. Solucione este problema llamando a esta función después de liberar el bloqueo. El siguiente registro lo revela: [44.168226] ERROR: función inactiva llamada desde un contexto no válido en kernel/workqueue.c:3018 [44.168941] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5475, nombre: modprobe [44.169574] INFORMACIÓN: lockdep está desactivado. [ 44.169899 ] sello de evento irq: 0 [ 44.170160 ] hardirqs habilitado por última vez en (0): [<0000000000000000>] 0x0 [ 44.170627 ] hardirqs deshabilitado por última vez en (0): [] copy_process+0x132d/0x3e00 [ 44.171240 ] softirqs habilitado por última vez en (0): [] copy_process+0x135a/0x3e00 [ 44.171852 ] softirqs deshabilitado por última vez en (0): [<00000000000000000>] 0x0 [ 44.172318 ] Preferencia deshabilitada en: [ 44.172320 ] ffa009b0a9>] nj_release +0x69/0x500 [netjet] [ 44.174441 ] Seguimiento de llamadas: [ 44.174630 ] dump_stack_lvl+0xa8/0xd1 [ 44.174912 ] dump_stack+0x15/0x17 [ 44.175166 ] ___might_sleep+0x3a2/0x510 [ 44.175459 ] ? nj_release+0x69/0x500 [netjet] [ 44.175791 ] __might_sleep+0x82/0xe0 [ 44.176063 ] ? start_flush_work+0x20/0x7b0 [ 44.176375 ] start_flush_work+0x33/0x7b0 [ 44.176672 ] ? trace_irq_enable_rcuidle+0x85/0x170 [44.177034]? kasan_quarantine_put+0xaa/0x1f0 [ 44.177372 ] ? kasan_quarantine_put+0xaa/0x1f0 [ 44.177711 ] __flush_work+0x11a/0x1a0 [ 44.177991 ] ? Flush_work+0x20/0x20 [44.178257]? lock_release+0x13c/0x8f0 [44.178550]? __kasan_check_write+0x14/0x20 [44.178872]? do_raw_spin_lock+0x148/0x360 [44.179187]? read_lock_is_recursive+0x20/0x20 [44.179530]? __kasan_check_read+0x11/0x20 [44.179846]? do_raw_spin_unlock+0x55/0x900 [44.180168]? ____kasan_slab_free+0x116/0x140 [44.180505]? _raw_spin_unlock_irqrestore+0x41/0x60 [44.180878]? skb_queue_purge+0x1a3/0x1c0 [44.181189]? kfree+0x13e/0x290 [ 44.181438 ] Flush_work+0x17/0x20 [ 44.181695 ] mISDN_freedchannel+0xe8/0x100 [ 44.182006 ] isac_release+0x210/0x260 [mISDNipac] [ 44.182366 nj _release+0xf6/0x500 [netjet] [ 44.182685 ] nj_remove+0x48/ 0x70 [netjet] [44.182989] pci_device_remove+0xa9/0x250

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.4

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-22 CVE Reserved
2024-05-22 CVE Published
2024-05-22 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-99: Improper Control of Resource Identifiers ('Resource Injection')

CAPEC

References (10)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/6f95c97e0f9d6eb39c3f2cb45e8fa4268d1b372b	2021-10-27
https://git.kernel.org/stable/c/ef269a8808cb1759245a98a7fe16fceaebad894c	2021-10-27
https://git.kernel.org/stable/c/37e4f57b22cc5ebb3f80cf0f74fdeb487f082367	2021-10-27
https://git.kernel.org/stable/c/a5b34409d3fc52114c828be4adbc30744fa3258b	2021-10-27
https://git.kernel.org/stable/c/4054b869dc263228d30a4755800b78f0f2ba0c89	2021-10-27
https://git.kernel.org/stable/c/9f591cbdbed3d7822b2bdba89b34a6d7b434317d	2021-10-27
https://git.kernel.org/stable/c/f5966ba53013149bcf94e1536644a958dd00a026	2021-10-27
https://git.kernel.org/stable/c/6510e80a0b81b5d814e3aea6297ba42f5e76f73c	2021-10-09

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-47468	2024-08-21
https://bugzilla.redhat.com/show_bug.cgi?id=2282887	2024-08-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.4.290 Search vendor "Linux" for product "Linux Kernel" and version " < 4.4.290"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.288 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.288"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.253 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.253"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.214 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.214"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.156 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.156"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.76 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.76"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.14.15 Search vendor "Linux" for product "Linux Kernel" and version " < 5.14.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15"		en		Affected