{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2021-47127",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-03-04T18:12:48.839Z",
        "datePublished": "2024-03-15T20:14:31.658Z",
        "dateUpdated": "2024-09-11T17:32:52.269Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-05-29T05:02:33.786Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: track AF_XDP ZC enabled queues in bitmap\n\nCommit c7a219048e45 (\"ice: Remove xsk_buff_pool from VSI structure\")\nsilently introduced a regression and broke the Tx side of AF_XDP in copy\nmode. xsk_pool on ice_ring is set only based on the existence of the XDP\nprog on the VSI which in turn picks ice_clean_tx_irq_zc to be executed.\nThat is not something that should happen for copy mode as it should use\nthe regular data path ice_clean_tx_irq.\n\nThis results in a following splat when xdpsock is run in txonly or l2fwd\nscenarios in copy mode:\n\n<snip>\n[  106.050195] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[  106.057269] #PF: supervisor read access in kernel mode\n[  106.062493] #PF: error_code(0x0000) - not-present page\n[  106.067709] PGD 0 P4D 0\n[  106.070293] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[  106.074721] CPU: 61 PID: 0 Comm: swapper/61 Not tainted 5.12.0-rc2+ #45\n[  106.081436] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[  106.092027] RIP: 0010:xp_raw_get_dma+0x36/0x50\n[  106.096551] Code: 74 14 48 b8 ff ff ff ff ff ff 00 00 48 21 f0 48 c1 ee 30 48 01 c6 48 8b 87 90 00 00 00 48 89 f2 81 e6 ff 0f 00 00 48 c1 ea 0c <48> 8b 04 d0 48 83 e0 fe 48 01 f0 c3 66 66 2e 0f 1f 84 00 00 00 00\n[  106.115588] RSP: 0018:ffffc9000d694e50 EFLAGS: 00010206\n[  106.120893] RAX: 0000000000000000 RBX: ffff88984b8c8a00 RCX: ffff889852581800\n[  106.128137] RDX: 0000000000000006 RSI: 0000000000000000 RDI: ffff88984cd8b800\n[  106.135383] RBP: ffff888123b50001 R08: ffff889896800000 R09: 0000000000000800\n[  106.142628] R10: 0000000000000000 R11: ffffffff826060c0 R12: 00000000000000ff\n[  106.149872] R13: 0000000000000000 R14: 0000000000000040 R15: ffff888123b50018\n[  106.157117] FS:  0000000000000000(0000) GS:ffff8897e0f40000(0000) knlGS:0000000000000000\n[  106.165332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  106.171163] CR2: 0000000000000030 CR3: 000000000560a004 CR4: 00000000007706e0\n[  106.178408] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[  106.185653] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[  106.192898] PKRU: 55555554\n[  106.195653] Call Trace:\n[  106.198143]  <IRQ>\n[  106.200196]  ice_clean_tx_irq_zc+0x183/0x2a0 [ice]\n[  106.205087]  ice_napi_poll+0x3e/0x590 [ice]\n[  106.209356]  __napi_poll+0x2a/0x160\n[  106.212911]  net_rx_action+0xd6/0x200\n[  106.216634]  __do_softirq+0xbf/0x29b\n[  106.220274]  irq_exit_rcu+0x88/0xc0\n[  106.223819]  common_interrupt+0x7b/0xa0\n[  106.227719]  </IRQ>\n[  106.229857]  asm_common_interrupt+0x1e/0x40\n</snip>\n\nFix this by introducing the bitmap of queues that are zero-copy enabled,\nwhere each bit, corresponding to a queue id that xsk pool is being\nconfigured on, will be set/cleared within ice_xsk_pool_{en,dis}able and\nchecked within ice_xsk_pool(). The latter is a function used for\ndeciding which napi poll routine is executed.\nIdea is being taken from our other drivers such as i40e and ixgbe."
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/net/ethernet/intel/ice/ice.h",
                        "drivers/net/ethernet/intel/ice/ice_lib.c",
                        "drivers/net/ethernet/intel/ice/ice_xsk.c"
                    ],
                    "versions": [
                        {
                            "version": "c7a219048e45",
                            "lessThan": "1d34fa4fcf06",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "c7a219048e45",
                            "lessThan": "e102db780e1c",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/net/ethernet/intel/ice/ice.h",
                        "drivers/net/ethernet/intel/ice/ice_lib.c",
                        "drivers/net/ethernet/intel/ice/ice_xsk.c"
                    ],
                    "versions": [
                        {
                            "version": "5.12",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "5.12",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.12.10",
                            "lessThanOrEqual": "5.12.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.13",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/1d34fa4fcf06649036ba0c97854fcf7a741ee18c"
                },
                {
                    "url": "https://git.kernel.org/stable/c/e102db780e1c14f10c70dafa7684af22a745b51d"
                }
            ],
            "title": "ice: track AF_XDP ZC enabled queues in bitmap",
            "x_generator": {
                "engine": "bippy-a5840b7849dd"
            }
        },
        "adp": [
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-04T05:24:39.881Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://git.kernel.org/stable/c/1d34fa4fcf06649036ba0c97854fcf7a741ee18c",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/e102db780e1c14f10c70dafa7684af22a745b51d",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            },
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "id": "CVE-2021-47127",
                                "role": "CISA Coordinator",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "version": "2.0.3",
                                "timestamp": "2024-09-10T15:55:26.106391Z"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-09-11T17:32:52.269Z"
                }
            }
        ]
    }
}