// For flags

CVE-2021-47617

PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

The Power Fault Detected bit in the Slot Status register differs from
all other hotplug events in that it is sticky: It can only be cleared
after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8:

If a power controller detects a main power fault on the hot-plug slot,
it must automatically set its internal main power fault latch [...].
The main power fault latch is cleared when software turns off power to
the hot-plug slot.

The stickiness used to cause interrupt storms and infinite loops which
were fixed in 2009 by commits 5651c48cfafe ("PCI pciehp: fix power fault
interrupt storm problem") and 99f0169c17f3 ("PCI: pciehp: enable
software notification on empty slots").

Unfortunately in 2020 the infinite loop issue was inadvertently
reintroduced by commit 8edf5332c393 ("PCI: pciehp: Fix MSI interrupt
race"): The hardirq handler pciehp_isr() clears the PFD bit until
pciehp's power_fault_detected flag is set. That happens in the IRQ
thread pciehp_ist(), which never learns of the event because the hardirq
handler is stuck in an infinite loop. Fix by setting the
power_fault_detected flag already in the hardirq handler.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: pciehp: soluciona el bucle infinito en el controlador IRQ ante un fallo de alimentación. El bit de fallo de alimentación detectado en el registro de estado de la ranura se diferencia de todos los demás eventos de conexión en caliente en que es fijo: solo puede borrarse después de apagar la alimentación de la ranura. Por PCIe r5.0, seg. 6.7.1.8: Si un controlador de energía detecta una falla de energía principal en la ranura de conexión en caliente, debe configurar automáticamente su pestillo interno de falla de energía principal [...]. El bloqueo de fallo de alimentación principal se borra cuando el software corta la alimentación a la ranura de conexión en caliente. La rigidez solía causar tormentas de interrupción y bucles infinitos que se solucionaron en 2009 mediante los commits 5651c48cfafe ("PCI pciehp: solucionar el problema de la tormenta de interrupción por falla de energía") y 99f0169c17f3 ("PCI: pciehp: habilitar la notificación de software en ranuras vacías"). Desafortunadamente, en 2020, el problema del bucle infinito se reintrodujo inadvertidamente mediante el commit 8edf5332c393 ("PCI: pciehp: arreglar carrera de interrupción MSI"): el controlador hardirq pciehp_isr() borra el bit PFD hasta que se establece el indicador power_fault_detected de pciehp. Eso sucede en el hilo IRQ pciehp_ist(), que nunca se entera del evento porque el controlador hardirq está atrapado en un bucle infinito. Para solucionarlo, configure el indicador power_fault_detected que ya está en el controlador hardirq.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-06-19 CVE Reserved
  • 2024-06-20 CVE Published
  • 2024-09-19 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.19.149 < 4.19.233
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.149 < 4.19.233"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.4.69 < 5.4.177
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.69 < 5.4.177"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.7 < 5.10.97
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 5.10.97"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.7 < 5.15.20
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 5.15.20"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.7 < 5.16.6
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 5.16.6"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.7 < 5.17
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 5.17"
en
Affected