fkie_cve-2021-47001
Vulnerability from fkie_nvd
Published
2024-02-28 09:15
Modified
2025-04-11 22:15
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Fix cwnd update ordering After a reconnect, the reply handler is opening the cwnd (and thus enabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs() can post enough Receive WRs to receive their replies. This causes an RNR and the new connection is lost immediately. The race is most clearly exposed when KASAN and disconnect injection are enabled. This slows down rpcrdma_rep_create() enough to allow the send side to post a bunch of RPC Calls before the Receive completion handler can invoke ib_post_recv().
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/19b5fa9489b5706bc878c3a522a7f771079e2fa0Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/35d8b10a25884050bb3b0149b62c3818ec59f77cPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8834ecb5df22b7ff3c9b0deba7726579bb613f95Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/eddae8be7944096419c2ae29477a45f767d0fcd4Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/19b5fa9489b5706bc878c3a522a7f771079e2fa0Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/35d8b10a25884050bb3b0149b62c3818ec59f77cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/8834ecb5df22b7ff3c9b0deba7726579bb613f95Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/eddae8be7944096419c2ae29477a45f767d0fcd4Patch
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20250411-0001/
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB4E5E8-4AAD-475A-A1B9-F287254C7D72",
              "versionEndExcluding": "5.10.38",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B53E9A-F426-4C03-9A5F-A931FF79827E",
              "versionEndExcluding": "5.11.22",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B",
              "versionEndExcluding": "5.12.5",
              "versionStartIncluding": "5.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: Fix cwnd update ordering\n\nAfter a reconnect, the reply handler is opening the cwnd (and thus\nenabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs()\ncan post enough Receive WRs to receive their replies. This causes an\nRNR and the new connection is lost immediately.\n\nThe race is most clearly exposed when KASAN and disconnect injection\nare enabled. This slows down rpcrdma_rep_create() enough to allow\nthe send side to post a bunch of RPC Calls before the Receive\ncompletion handler can invoke ib_post_recv()."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: xprtrdma: corrige el orden de actualizaci\u00f3n de cwnd Despu\u00e9s de una reconexi\u00f3n, el controlador de respuesta abre cwnd (y as\u00ed permite que se env\u00eden m\u00e1s llamadas RPC) /antes/ rpcrdma_post_recvs() puede publicar suficiente recepci\u00f3n WR para recibir sus respuestas. Esto provoca un RNR y la nueva conexi\u00f3n se pierde inmediatamente. La ejecuci\u00f3n se expone m\u00e1s claramente cuando KASAN y la inyecci\u00f3n de desconexi\u00f3n est\u00e1n habilitados. Esto ralentiza rpcrdma_rep_create() lo suficiente como para permitir que el lado de env\u00edo publique un mont\u00f3n de llamadas RPC antes de que el controlador de finalizaci\u00f3n de recepci\u00f3n pueda invocar ib_post_recv()."
    }
  ],
  "id": "CVE-2021-47001",
  "lastModified": "2025-04-11T22:15:28.457",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-28T09:15:38.213",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/19b5fa9489b5706bc878c3a522a7f771079e2fa0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/35d8b10a25884050bb3b0149b62c3818ec59f77c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8834ecb5df22b7ff3c9b0deba7726579bb613f95"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/eddae8be7944096419c2ae29477a45f767d0fcd4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/19b5fa9489b5706bc878c3a522a7f771079e2fa0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/35d8b10a25884050bb3b0149b62c3818ec59f77c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8834ecb5df22b7ff3c9b0deba7726579bb613f95"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/eddae8be7944096419c2ae29477a45f767d0fcd4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20250411-0001/"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.