Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2021-47435: SUSE Linux Security Advisory

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

SUSE: CVE-2021-47435: SUSE Linux Security Advisory

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

05/22/2024

Created

08/16/2024

Added

08/09/2024

Modified

08/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dm_io_dec_pending() calls end_io_acct() first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to mempool->elements being NULL: task1 task2 do_resume ->do_suspend ->dm_wait_for_completion bio_endio ->clone_endio ->dm_io_dec_pending ->end_io_acct ->wakeup task1 ->dm_swap_table ->__bind ->__bind_mempools ->bioset_exit ->mempool_exit ->free_io [ 67.330330] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 ...... [ 67.330494] pstate: 80400085 (Nzcv daIf +PAN -UAO) [ 67.330510] pc : mempool_free+0x70/0xa0 [ 67.330515] lr : mempool_free+0x4c/0xa0 [ 67.330520] sp : ffffff8008013b20 [ 67.330524] x29: ffffff8008013b20 x28: 0000000000000004 [ 67.330530] x27: ffffffa8c2ff40a0 x26: 00000000ffff1cc8 [ 67.330535] x25: 0000000000000000 x24: ffffffdada34c800 [ 67.330541] x23: 0000000000000000 x22: ffffffdada34c800 [ 67.330547] x21: 00000000ffff1cc8 x20: ffffffd9a1304d80 [ 67.330552] x19: ffffffdada34c970 x18: 000000b312625d9c [ 67.330558] x17: 00000000002dcfbf x16: 00000000000006dd [ 67.330563] x15: 000000000093b41e x14: 0000000000000010 [ 67.330569] x13: 0000000000007f7a x12: 0000000034155555 [ 67.330574] x11: 0000000000000001 x10: 0000000000000001 [ 67.330579] x9 : 0000000000000000 x8 : 0000000000000000 [ 67.330585] x7 : 0000000000000000 x6 : ffffff80148b5c1a [ 67.330590] x5 : ffffff8008013ae0 x4 : 0000000000000001 [ 67.330596] x3 : ffffff80080139c8 x2 : ffffff801083bab8 [ 67.330601] x1 : 0000000000000000 x0 : ffffffdada34c970 [ 67.330609] Call trace: [ 67.330616] mempool_free+0x70/0xa0 [ 67.330627] bio_put+0xf8/0x110 [ 67.330638] dec_pending+0x13c/0x230 [ 67.330644] clone_endio+0x90/0x180 [ 67.330649] bio_endio+0x198/0x1b8 [ 67.330655] dec_pending+0x190/0x230 [ 67.330660] clone_endio+0x90/0x180 [ 67.330665] bio_endio+0x198/0x1b8 [ 67.330673] blk_update_request+0x214/0x428 [ 67.330683] scsi_end_request+0x2c/0x300 [ 67.330688] scsi_io_completion+0xa0/0x710 [ 67.330695] scsi_finish_command+0xd8/0x110 [ 67.330700] scsi_softirq_done+0x114/0x148 [ 67.330708] blk_done_softirq+0x74/0xd0 [ 67.330716] __do_softirq+0x18c/0x374 [ 67.330724] irq_exit+0xb4/0xb8 [ 67.330732] __handle_domain_irq+0x84/0xc0 [ 67.330737] gic_handle_irq+0x148/0x1b0 [ 67.330744] el1_irq+0xe8/0x190 [ 67.330753] lpm_cpuidle_enter+0x4f8/0x538 [ 67.330759] cpuidle_enter_state+0x1fc/0x398 [ 67.330764] cpuidle_enter+0x18/0x20 [ 67.330772] do_idle+0x1b4/0x290 [ 67.330778] cpu_startup_entry+0x20/0x28 [ 67.330786] secondary_start_kernel+0x160/0x170 Fix this by: 1) Establishing pointers to 'struct dm_io' members in dm_io_dec_pending() so that they may be passed into end_io_acct() _after_ free_io() is called. 2) Moving end_io_acct() after free_io().

Solution(s)

suse-upgrade-cluster-md-kmp-64kb
suse-upgrade-cluster-md-kmp-azure
suse-upgrade-cluster-md-kmp-default
suse-upgrade-cluster-md-kmp-rt
suse-upgrade-dlm-kmp-64kb
suse-upgrade-dlm-kmp-azure
suse-upgrade-dlm-kmp-default
suse-upgrade-dlm-kmp-rt
suse-upgrade-dtb-allwinner
suse-upgrade-dtb-altera
suse-upgrade-dtb-amazon
suse-upgrade-dtb-amd
suse-upgrade-dtb-amlogic
suse-upgrade-dtb-apm
suse-upgrade-dtb-apple
suse-upgrade-dtb-arm
suse-upgrade-dtb-broadcom
suse-upgrade-dtb-cavium
suse-upgrade-dtb-exynos
suse-upgrade-dtb-freescale
suse-upgrade-dtb-hisilicon
suse-upgrade-dtb-lg
suse-upgrade-dtb-marvell
suse-upgrade-dtb-mediatek
suse-upgrade-dtb-nvidia
suse-upgrade-dtb-qcom
suse-upgrade-dtb-renesas
suse-upgrade-dtb-rockchip
suse-upgrade-dtb-socionext
suse-upgrade-dtb-sprd
suse-upgrade-dtb-xilinx
suse-upgrade-gfs2-kmp-64kb
suse-upgrade-gfs2-kmp-azure
suse-upgrade-gfs2-kmp-default
suse-upgrade-gfs2-kmp-rt
suse-upgrade-kernel-64kb
suse-upgrade-kernel-64kb-devel
suse-upgrade-kernel-64kb-extra
suse-upgrade-kernel-64kb-livepatch-devel
suse-upgrade-kernel-64kb-optional
suse-upgrade-kernel-azure
suse-upgrade-kernel-azure-base
suse-upgrade-kernel-azure-devel
suse-upgrade-kernel-azure-extra
suse-upgrade-kernel-azure-livepatch-devel
suse-upgrade-kernel-azure-optional
suse-upgrade-kernel-azure-vdso
suse-upgrade-kernel-debug
suse-upgrade-kernel-debug-devel
suse-upgrade-kernel-debug-livepatch-devel
suse-upgrade-kernel-debug-vdso
suse-upgrade-kernel-default
suse-upgrade-kernel-default-base
suse-upgrade-kernel-default-base-rebuild
suse-upgrade-kernel-default-devel
suse-upgrade-kernel-default-extra
suse-upgrade-kernel-default-livepatch
suse-upgrade-kernel-default-livepatch-devel
suse-upgrade-kernel-default-man
suse-upgrade-kernel-default-optional
suse-upgrade-kernel-default-vdso
suse-upgrade-kernel-devel
suse-upgrade-kernel-devel-azure
suse-upgrade-kernel-devel-rt
suse-upgrade-kernel-docs
suse-upgrade-kernel-docs-html
suse-upgrade-kernel-kvmsmall
suse-upgrade-kernel-kvmsmall-devel
suse-upgrade-kernel-kvmsmall-livepatch-devel
suse-upgrade-kernel-kvmsmall-vdso
suse-upgrade-kernel-macros
suse-upgrade-kernel-obs-build
suse-upgrade-kernel-obs-qa
suse-upgrade-kernel-preempt
suse-upgrade-kernel-preempt-devel
suse-upgrade-kernel-rt
suse-upgrade-kernel-rt-devel
suse-upgrade-kernel-rt-extra
suse-upgrade-kernel-rt-livepatch
suse-upgrade-kernel-rt-livepatch-devel
suse-upgrade-kernel-rt-optional
suse-upgrade-kernel-rt-vdso
suse-upgrade-kernel-rt_debug
suse-upgrade-kernel-rt_debug-devel
suse-upgrade-kernel-rt_debug-livepatch-devel
suse-upgrade-kernel-rt_debug-vdso
suse-upgrade-kernel-source
suse-upgrade-kernel-source-azure
suse-upgrade-kernel-source-rt
suse-upgrade-kernel-source-vanilla
suse-upgrade-kernel-syms
suse-upgrade-kernel-syms-azure
suse-upgrade-kernel-syms-rt
suse-upgrade-kernel-zfcpdump
suse-upgrade-kselftests-kmp-64kb
suse-upgrade-kselftests-kmp-azure
suse-upgrade-kselftests-kmp-default
suse-upgrade-kselftests-kmp-rt
suse-upgrade-ocfs2-kmp-64kb
suse-upgrade-ocfs2-kmp-azure
suse-upgrade-ocfs2-kmp-default
suse-upgrade-ocfs2-kmp-rt
suse-upgrade-reiserfs-kmp-64kb
suse-upgrade-reiserfs-kmp-azure
suse-upgrade-reiserfs-kmp-default
suse-upgrade-reiserfs-kmp-rt

References

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2021-47435: SUSE Linux Security Advisory

SUSE: CVE-2021-47435: SUSE Linux Security Advisory

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.