CVE-2021-47268

21.05.2024, 15:15

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port

A pending hrtimer may expire after the kthread_worker of tcpm port
is destroyed, see below kernel dump when do module unload, fix it
by cancel the 2 hrtimers.

[  111.517018] Unable to handle kernel paging request at virtual address ffff8000118cb880
[  111.518786] blk_update_request: I/O error, dev sda, sector 60061185 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  111.526594] Mem abort info:
[  111.526597]   ESR = 0x96000047
[  111.526600]   EC = 0x25: DABT (current EL), IL = 32 bits
[  111.526604]   SET = 0, FnV = 0
[  111.526607]   EA = 0, S1PTW = 0
[  111.526610] Data abort info:
[  111.526612]   ISV = 0, ISS = 0x00000047
[  111.526615]   CM = 0, WnR = 1
[  111.526619] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041d75000
[  111.526623] [ffff8000118cb880] pgd=10000001bffff003, p4d=10000001bffff003, pud=10000001bfffe003, pmd=10000001bfffa003, pte=0000000000000000
[  111.526642] Internal error: Oops: 96000047 [#1] PREEMPT SMP
[  111.526647] Modules linked in: dwc3_imx8mp dwc3 phy_fsl_imx8mq_usb [last unloaded: tcpci]
[  111.526663] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.13.0-rc4-00927-gebbe9dbd802c-dirty #36
[  111.526670] Hardware name: NXP i.MX8MPlus EVK board (DT)
[  111.526674] pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO BTYPE=--)
[  111.526681] pc : queued_spin_lock_slowpath+0x1a0/0x390
[  111.526695] lr : _raw_spin_lock_irqsave+0x88/0xb4
[  111.526703] sp : ffff800010003e20
[  111.526706] x29: ffff800010003e20 x28: ffff00017f380180
[  111.537156] buffer_io_error: 6 callbacks suppressed
[  111.537162] Buffer I/O error on dev sda1, logical block 60040704, async page read
[  111.539932]  x27: ffff00017f3801c0
[  111.539938] x26: ffff800010ba2490 x25: 0000000000000000 x24: 0000000000000001
[  111.543025] blk_update_request: I/O error, dev sda, sector 60061186 op 0x0:(READ) flags 0x0 phys_seg 7 prio class 0
[  111.548304]
[  111.548306] x23: 00000000000000c0 x22: ffff0000c2a9f184 x21: ffff00017f380180
[  111.551374] Buffer I/O error on dev sda1, logical block 60040705, async page read
[  111.554499]
[  111.554503] x20: ffff0000c5f14210 x19: 00000000000000c0 x18: 0000000000000000
[  111.557391] Buffer I/O error on dev sda1, logical block 60040706, async page read
[  111.561218]
[  111.561222] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[  111.564205] Buffer I/O error on dev sda1, logical block 60040707, async page read
[  111.570887] x14: 00000000000000f5 x13: 0000000000000001 x12: 0000000000000040
[  111.570902] x11: ffff0000c05ac6d8
[  111.583420] Buffer I/O error on dev sda1, logical block 60040708, async page read
[  111.588978]  x10: 0000000000000000 x9 : 0000000000040000
[  111.588988] x8 : 0000000000000000
[  111.597173] Buffer I/O error on dev sda1, logical block 60040709, async page read
[  111.605766]  x7 : ffff00017f384880 x6 : ffff8000118cb880
[  111.605777] x5 : ffff00017f384880
[  111.611094] Buffer I/O error on dev sda1, logical block 60040710, async page read
[  111.617086]  x4 : 0000000000000000 x3 : ffff0000c2a9f184
[  111.617096] x2 : ffff8000118cb880
[  111.622242] Buffer I/O error on dev sda1, logical block 60040711, async page read
[  111.626927]  x1 : ffff8000118cb880 x0 : ffff00017f384888
[  111.626938] Call trace:
[  111.626942]  queued_spin_lock_slowpath+0x1a0/0x390
[  111.795809]  kthread_queue_work+0x30/0xc0
[  111.799828]  state_machine_timer_handler+0x20/0x30
[  111.804624]  __hrtimer_run_queues+0x140/0x1e0
[  111.808990]  hrtimer_interrupt+0xec/0x2c0
[  111.813004]  arch_timer_handler_phys+0x38/0x50
[  111.817456]  handle_percpu_devid_irq+0x88/0x150
[  111.821991]  __handle_domain_irq+0x80/0xe0
[  111.826093]  gic_handle_irq+0xc0/0x140
[  111.829848]  el1_irq+0xbc/0x154
[  111.832991]  arch_cpu_idle+0x1c/0x2c
[  111.836572]  default_idle_call+0x24/0x6c
[  111.840497]  do_idle+0x238/0x2ac
[  1
---truncated---

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Linux	CNA	---				---
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Vendor	Product	Version
linux	linux_kernel	5.10 ≤ 𝑥 < 5.10.44
linux	linux_kernel	5.11 ≤ 𝑥 < 5.12.11
linux	linux_kernel	5.13:rc1
linux	linux_kernel	5.13:rc2
linux	linux_kernel	5.13:rc3
linux	linux_kernel	5.13:rc4
linux	linux_kernel	5.13:rc5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
buster	not-affected
bullseye (security)	5.10.226-1 fixed
bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
trixie	6.11.5-1 fixed
sid	6.11.6-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-allwinner-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-aws

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-aws-5.0

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-aws-5.11

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-aws-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-aws-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-aws-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-aws-5.3

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-aws-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	not-affected

linux-aws-5.8

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-aws-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-aws-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-aws-fips

noble	dne
mantic	dne
jammy	dne
focal	dne

linux-aws-hwe

noble	dne
mantic	dne
jammy	dne
focal	dne
xenial	not-affected

linux-azure

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	not-affected
bionic	ignored
xenial	not-affected
trusty	not-affected

linux-azure-4.15

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	not-affected

linux-azure-5.11

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-azure-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-azure-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-azure-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-azure-5.3

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-azure-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	not-affected

linux-azure-5.8

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-azure-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-azure-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-azure-edge

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-azure-fde

noble	dne
mantic	dne
jammy	not-affected
focal	ignored

linux-azure-fde-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-azure-fde-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-azure-fde-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-azure-fips

noble	dne
mantic	dne
jammy	dne
focal	dne

linux-bluefield

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-fips

noble	dne
mantic	dne
jammy	dne
focal	dne

linux-gcp

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	not-affected
bionic	ignored
xenial	not-affected

linux-gcp-4.15

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	not-affected

linux-gcp-5.11

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-gcp-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-gcp-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-gcp-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-gcp-5.3

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-gcp-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	not-affected

linux-gcp-5.8

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-gcp-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-gcp-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-gcp-fips

noble	dne
mantic	dne
jammy	dne
focal	dne

linux-gke

noble	not-affected
mantic	dne
jammy	not-affected
focal	ignored

linux-gke-4.15

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-gke-5.15

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-gke-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-gkeop

noble	dne
mantic	dne
jammy	not-affected
focal	not-affected

linux-gkeop-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-gkeop-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-hwe

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored
xenial	not-affected

linux-hwe-5.11

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-hwe-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-hwe-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-hwe-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-hwe-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	not-affected

linux-hwe-5.8

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-hwe-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-hwe-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-hwe-edge

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored

linux-ibm

noble	not-affected
mantic	ignored
jammy	not-affected
focal	not-affected

linux-ibm-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-ibm-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	not-affected

linux-intel

noble	not-affected
mantic	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-intel-iotg

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-intel-iotg-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-iot

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-kvm

noble	dne
mantic	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected

linux-laptop

noble	dne
mantic	not-affected
jammy	dne
focal	dne

linux-lowlatency

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	dne

linux-lowlatency-hwe-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-lowlatency-hwe-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-lowlatency-hwe-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-lowlatency-hwe-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-lts-xenial

noble	dne
mantic	dne
jammy	dne
focal	dne
trusty	not-affected

linux-nvidia

noble	not-affected
mantic	dne
jammy	not-affected
focal	dne

linux-nvidia-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-nvidia-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-nvidia-6.8

noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-lowlatency

noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-oem-5.10

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oem-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oem-5.14

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oem-5.17

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-oem-5.6

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oem-6.0

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-oem-6.1

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-oem-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-oem-6.8

noble	not-affected
mantic	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oracle

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected

linux-oracle-5.0

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-oracle-5.11

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oracle-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oracle-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-oracle-5.3

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-oracle-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	not-affected

linux-oracle-5.8

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oracle-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-raspi

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	not-affected

linux-raspi-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	not-affected

linux-raspi2

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-riscv

noble	not-affected
mantic	not-affected
jammy	ignored
focal	ignored

linux-riscv-5.11

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-riscv-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-riscv-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-riscv-5.8

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-riscv-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-starfive

noble	dne
mantic	not-affected
jammy	dne
focal	dne

linux-starfive-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-starfive-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-starfive-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-xilinx-zynqmp

noble	dne
mantic	dne
jammy	not-affected
focal	not-affected

References

https://git.kernel.org/stable/c/18eaf0de50eadeeb395b83310b259b21ad8ed0a6

https://git.kernel.org/stable/c/3a13ff7ef4349d70d1d18378d661117dd5af8efe

https://git.kernel.org/stable/c/d0a06696a8a4d99f649240b6f9b8a2e55452ecf5

https://git.kernel.org/stable/c/18eaf0de50eadeeb395b83310b259b21ad8ed0a6

https://git.kernel.org/stable/c/3a13ff7ef4349d70d1d18378d661117dd5af8efe

https://git.kernel.org/stable/c/d0a06696a8a4d99f649240b6f9b8a2e55452ecf5