{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2021-47399",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-05-21T14:58:30.816Z",
        "datePublished": "2024-05-21T15:03:54.714Z",
        "dateUpdated": "2024-08-04T05:39:59.708Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-05-29T05:07:16.562Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup\n\nThe ixgbe driver currently generates a NULL pointer dereference with\nsome machine (online cpus < 63). This is due to the fact that the\nmaximum value of num_xdp_queues is nr_cpu_ids. Code is in\n\"ixgbe_set_rss_queues\"\".\n\nHere's how the problem repeats itself:\nSome machine (online cpus < 63), And user set num_queues to 63 through\nethtool. Code is in the \"ixgbe_set_channels\",\n\tadapter->ring_feature[RING_F_FDIR].limit = count;\n\nIt becomes 63.\n\nWhen user use xdp, \"ixgbe_set_rss_queues\" will set queues num.\n\tadapter->num_rx_queues = rss_i;\n\tadapter->num_tx_queues = rss_i;\n\tadapter->num_xdp_queues = ixgbe_xdp_queues(adapter);\n\nAnd rss_i's value is from\n\tf = &adapter->ring_feature[RING_F_FDIR];\n\trss_i = f->indices = f->limit;\n\nSo \"num_rx_queues\" > \"num_xdp_queues\", when run to \"ixgbe_xdp_setup\",\n\tfor (i = 0; i < adapter->num_rx_queues; i++)\n\t\tif (adapter->xdp_ring[i]->xsk_umem)\n\nIt leads to panic.\n\nCall trace:\n[exception RIP: ixgbe_xdp+368]\nRIP: ffffffffc02a76a0  RSP: ffff9fe16202f8d0  RFLAGS: 00010297\nRAX: 0000000000000000  RBX: 0000000000000020  RCX: 0000000000000000\nRDX: 0000000000000000  RSI: 000000000000001c  RDI: ffffffffa94ead90\nRBP: ffff92f8f24c0c18   R8: 0000000000000000   R9: 0000000000000000\nR10: ffff9fe16202f830  R11: 0000000000000000  R12: ffff92f8f24c0000\nR13: ffff9fe16202fc01  R14: 000000000000000a  R15: ffffffffc02a7530\nORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018\n 7 [ffff9fe16202f8f0] dev_xdp_install at ffffffffa89fbbcc\n 8 [ffff9fe16202f920] dev_change_xdp_fd at ffffffffa8a08808\n 9 [ffff9fe16202f960] do_setlink at ffffffffa8a20235\n10 [ffff9fe16202fa88] rtnl_setlink at ffffffffa8a20384\n11 [ffff9fe16202fc78] rtnetlink_rcv_msg at ffffffffa8a1a8dd\n12 [ffff9fe16202fcf0] netlink_rcv_skb at ffffffffa8a717eb\n13 [ffff9fe16202fd40] netlink_unicast at ffffffffa8a70f88\n14 [ffff9fe16202fd80] netlink_sendmsg at ffffffffa8a71319\n15 [ffff9fe16202fdf0] sock_sendmsg at ffffffffa89df290\n16 [ffff9fe16202fe08] __sys_sendto at ffffffffa89e19c8\n17 [ffff9fe16202ff30] __x64_sys_sendto at ffffffffa89e1a64\n18 [ffff9fe16202ff38] do_syscall_64 at ffffffffa84042b9\n19 [ffff9fe16202ff50] entry_SYSCALL_64_after_hwframe at ffffffffa8c0008c\n\nSo I fix ixgbe_max_channels so that it will not allow a setting of queues\nto be higher than the num_online_cpus(). And when run to ixgbe_xdp_setup,\ntake the smaller value of num_rx_queues and num_xdp_queues."
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c",
                        "drivers/net/ethernet/intel/ixgbe/ixgbe_main.c"
                    ],
                    "versions": [
                        {
                            "version": "4a9b32f30f80",
                            "lessThan": "20f6c4a31a52",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "4a9b32f30f80",
                            "lessThan": "2744341dd52e",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "4a9b32f30f80",
                            "lessThan": "513e605d7a9c",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c",
                        "drivers/net/ethernet/intel/ixgbe/ixgbe_main.c"
                    ],
                    "versions": [
                        {
                            "version": "5.0",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "5.0",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.10.71",
                            "lessThanOrEqual": "5.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.14.10",
                            "lessThanOrEqual": "5.14.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.15",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/20f6c4a31a525edd9ea6243712b868ba0e4e331e"
                },
                {
                    "url": "https://git.kernel.org/stable/c/2744341dd52e935344ca1b4bf189ba0d182a3e8e"
                },
                {
                    "url": "https://git.kernel.org/stable/c/513e605d7a9ce136886cb42ebb2c40e9a6eb6333"
                }
            ],
            "title": "ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup",
            "x_generator": {
                "engine": "bippy-a5840b7849dd"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-06-11T17:42:52.728815Z",
                                "id": "CVE-2021-47399",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-06-11T17:43:23.295Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-04T05:39:59.708Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://git.kernel.org/stable/c/20f6c4a31a525edd9ea6243712b868ba0e4e331e",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/2744341dd52e935344ca1b4bf189ba0d182a3e8e",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/513e605d7a9ce136886cb42ebb2c40e9a6eb6333",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}