
CVE-2021-47617

PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

Severity Score: - (CVSS)
Exploit Likelihood: - (EPSS)
Affected Versions: see table below (CPE)
Public Exploits: 0 (multiple sources)
Exploited in Wild: - (KEV)
Decision: Track (SSVC)

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

The Power Fault Detected bit in the Slot Status register differs from
all other hotplug events in that it is sticky: It can only be cleared
after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8:

If a power controller detects a main power fault on the hot-plug slot,
it must automatically set its internal main power fault latch [...].
The main power fault latch is cleared when software turns off power to
the hot-plug slot.

The stickiness used to cause interrupt storms and infinite loops which
were fixed in 2009 by commits 5651c48cfafe ("PCI pciehp: fix power fault
interrupt storm problem") and 99f0169c17f3 ("PCI: pciehp: enable
software notification on empty slots").

Unfortunately in 2020 the infinite loop issue was inadvertently
reintroduced by commit 8edf5332c393 ("PCI: pciehp: Fix MSI interrupt
race"): The hardirq handler pciehp_isr() clears the PFD bit until
pciehp's power_fault_detected flag is set. That happens in the IRQ
thread pciehp_ist(), which never learns of the event because the hardirq
handler is stuck in an infinite loop. Fix by setting the
power_fault_detected flag already in the hardirq handler.
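As an added illustration (not code from the kernel or from the commit), a small user-space C model of the hardirq loop described above: the PFD bit survives the write that clears the other event bits, so a handler that waits for the IRQ thread to set power_fault_detected re-reads the same event forever, while setting the flag in the handler itself bounds the loop. The bit values, the struct and the helper functions are constructed for the model and are not the kernel's definitions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the Slot Status register: PFD is latched, DLLSC is
 * write-1-to-clear. Bit values are illustrative, not the PCIe positions. */
#define PFD   0x02u
#define DLLSC 0x100u

struct ctrl {
    uint32_t sltsta;            /* modelled hardware register */
    bool power_fault_detected;  /* driver flag named in the commit message */
};

/* Write-1-to-clear semantics, except for the sticky PFD bit (constructed). */
void clear_sltsta(struct ctrl *c, uint32_t bits) {
    c->sltsta &= ~(bits & ~PFD);
}

/* Model of the hardirq handler's read/clear/re-read loop. Returns how many
 * passes it took to see no new events, or -1 once `cap` is exceeded, i.e.
 * the loop never exits. `fixed` selects where power_fault_detected is set:
 * in this loop (the fix) or in the IRQ thread this loop never lets run (bug). */
int isr_passes(struct ctrl *c, bool fixed, int cap) {
    int passes = 0;
    for (;;) {
        if (++passes > cap)
            return -1;
        uint32_t status = c->sltsta & (PFD | DLLSC);
        if (c->power_fault_detected)
            status &= ~PFD;                 /* already reported: ignore it */
        else if (fixed && (status & PFD))
            c->power_fault_detected = true; /* the fix: flag it in hardirq */
        if (!status)
            return passes;                  /* nothing new: hand off to thread */
        clear_sltsta(c, status);            /* PFD survives this write */
    }
}

/* Scenario from the advisory: a power fault latched alongside a link event. */
int power_fault_passes(bool fixed) {
    struct ctrl c = { .sltsta = PFD | DLLSC, .power_fault_detected = false };
    return isr_passes(&c, fixed, 100);
}

int main(void) {
    printf("bug: %d passes, fix: %d passes\n",
           power_fault_passes(false), power_fault_passes(true));
    return 0;
}
```

With the flag set only in the thread, the model hits the iteration cap (-1); with the fix it exits on the second pass.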


Credits: N/A

CVSS Scores (Common Vulnerability Scoring System)
  • Attack Vector: -
  • Attack Complexity: -
  • Privileges Required: -
  • User Interaction: -
  • Scope: -
  • Confidentiality: -
  • Integrity: -
  • Availability: -
SSVC (Stakeholder-Specific Vulnerability Categorization)
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Technical Impact: Partial
  * Organization's Worst-case Scenario
Timeline
  • 2024-06-19 CVE Reserved
  • 2024-06-20 CVE Published
  • 2024-09-11 CVE Updated
  • 2024-09-19 EPSS Updated
  • Exploited in Wild: none recorded
  • KEV Due Date: none
  • First Exploit: none recorded
CWE: none listed
CAPEC: none listed
Affected Vendors, Products, and Versions

Vendor  Product       Version                 Status
Linux   Linux Kernel  >= 4.19.149 < 4.19.233  Affected
Linux   Linux Kernel  >= 5.4.69 < 5.4.177     Affected
Linux   Linux Kernel  >= 5.7 < 5.10.97        Affected
Linux   Linux Kernel  >= 5.7 < 5.15.20        Affected
Linux   Linux Kernel  >= 5.7 < 5.16.6         Affected
Linux   Linux Kernel  >= 5.7 < 5.17           Affected