CVE-2021-47077 in Linuxinfo

Summary

by MITRE • 03/02/2024

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedf: Add pointer checks in qedf_update_link_speed()

The following trace was observed:

[ 14.042059] Call Trace:
[ 14.042061]
[ 14.042068] qedf_link_update+0x144/0x1f0 [qedf]
[ 14.042117] qed_link_update+0x5c/0x80 [qed]
[ 14.042135] qed_mcp_handle_link_change+0x2d2/0x410 [qed]
[ 14.042155] ? qed_set_ptt+0x70/0x80 [qed]
[ 14.042170] ? qed_set_ptt+0x70/0x80 [qed]
[ 14.042186] ? qed_rd+0x13/0x40 [qed]
[ 14.042205] qed_mcp_handle_events+0x437/0x690 [qed]
[ 14.042221] ? qed_set_ptt+0x70/0x80 [qed]
[ 14.042239] qed_int_sp_dpc+0x3a6/0x3e0 [qed]
[ 14.042245] tasklet_action_common.isra.14+0x5a/0x100
[ 14.042250] __do_softirq+0xe4/0x2f8
[ 14.042253] irq_exit+0xf7/0x100
[ 14.042255] do_IRQ+0x7f/0xd0
[ 14.042257] common_interrupt+0xf/0xf
[ 14.042259]

API qedf_link_update() is getting called from QED but by that time shost_data is not initialised. This results in a NULL pointer dereference when we try to dereference shost_data while updating supported_speeds.

Add a NULL pointer check before dereferencing shost_data.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 12/11/2024

The vulnerability CVE-2021-47077 represents a critical null pointer dereference issue within the Linux kernel's SCSI subsystem, specifically affecting the qedf driver used for QLogic Ethernet-based Fibre Channel host adapters. This flaw manifests during link speed updates when the qedf_link_update function attempts to access the shost_data structure without proper validation, leading to system instability and potential denial of service conditions. The vulnerability stems from improper initialization sequence where the SCSI host data structure remains uninitialized when the link update function is invoked, creating a scenario where subsequent memory dereference operations fail catastrophically.

The technical implementation of this vulnerability follows a well-defined call chain that begins with qed_mcp_handle_link_change and progresses through multiple kernel subsystems including qed_int_sp_dpc and tasklet execution handlers before reaching the vulnerable qedf_link_update function. This execution path demonstrates how asynchronous interrupt handling and hardware event processing can lead to race conditions where driver functions are called before their prerequisite data structures are properly established. The root cause lies in the absence of proper null pointer validation before accessing the shost_data pointer, which contains critical host-specific configuration data necessary for maintaining proper link speed capabilities.

From an operational perspective, this vulnerability presents significant risks to enterprise storage infrastructure and cloud computing environments that rely on QLogic Fibre Channel adapters for their storage connectivity. The null pointer dereference can result in immediate system crashes, kernel oops messages, and complete service disruption for storage operations. Network administrators and system operators face potential data loss scenarios and extended downtime when systems encounter this condition, particularly in high-availability environments where storage connectivity is critical for business operations. The vulnerability affects systems running Linux kernels with the qedf driver and can be exploited through normal hardware link state changes that trigger the problematic code path.

The mitigation strategy for CVE-2021-47077 involves implementing proper null pointer validation within the qedf_update_link_speed function before accessing the shost_data structure. This approach aligns with CWE-476 which identifies null pointer dereference as a common security weakness in software development practices. The fix requires adding explicit checks to ensure that shost_data is properly initialized before any dereference operations occur, effectively preventing the kernel from attempting to access invalid memory addresses. Security practitioners should prioritize patching affected systems and monitor for potential exploitation attempts, as this vulnerability can be triggered through normal system operation without requiring special privileges or user interaction. The remediation process should also include comprehensive testing of storage subsystems to ensure that the fix does not introduce regressions in normal operating conditions and that all link speed update operations function correctly across different hardware configurations.

Reservation

02/29/2024

Disclosure

03/02/2024

Moderation

accepted

CPE

ready

EPSS

0.00225

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!