CVE-2021-47619 in Linuxinfo

Summary

by MITRE • 06/20/2024

In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix queues reservation for XDP

When XDP was configured on a system with large number of CPUs and X722 NIC there was a call trace with NULL pointer dereference.

i40e 0000:87:00.0: failed to get tracking for 256 queues for VSI 0 err -12 i40e 0000:87:00.0: setup of MAIN VSI failed

BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: 0010:i40e_xdp+0xea/0x1b0 [i40e]
Call Trace: ? i40e_reconfig_rss_queues+0x130/0x130 [i40e]
dev_xdp_install+0x61/0xe0 dev_xdp_attach+0x18a/0x4c0 dev_change_xdp_fd+0x1e6/0x220 do_setlink+0x616/0x1030 ? ahci_port_stop+0x80/0x80 ? ata_qc_issue+0x107/0x1e0 ? lock_timer_base+0x61/0x80 ? __mod_timer+0x202/0x380 rtnl_setlink+0xe5/0x170 ? bpf_lsm_binder_transaction+0x10/0x10 ? security_capable+0x36/0x50 rtnetlink_rcv_msg+0x121/0x350 ? rtnl_calcit.isra.0+0x100/0x100 netlink_rcv_skb+0x50/0xf0 netlink_unicast+0x1d3/0x2a0 netlink_sendmsg+0x22a/0x440 sock_sendmsg+0x5e/0x60 __sys_sendto+0xf0/0x160 ? __sys_getsockname+0x7e/0xc0 ? _copy_from_user+0x3c/0x80 ? __sys_setsockopt+0xc8/0x1a0 __x64_sys_sendto+0x20/0x30 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f83fa7a39e0

This was caused by PF queue pile fragmentation due to flow director VSI queue being placed right after main VSI. Because of this main VSI was not able to resize its queue allocation for XDP resulting in no queues allocated for main VSI when XDP was turned on.

Fix this by always allocating last queue in PF queue pile for a flow director VSI.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 10/04/2025

The vulnerability identified as CVE-2021-47619 affects the Linux kernel's i40e network driver, specifically addressing an issue with queue reservation when XDP (eXpress Data Path) is configured on systems equipped with X722 NICs and a large number of CPUs. This flaw manifests as a NULL pointer dereference during kernel execution, resulting in system instability and potential denial of service conditions. The root cause stems from improper queue allocation management within the physical function (PF) queue pile structure, where flow director VSIs are positioned immediately after the main VSI, causing allocation conflicts that prevent proper queue setup for XDP operations.

The technical implementation of this vulnerability demonstrates a classic resource management failure within the i40e driver's queue allocation logic. When XDP is enabled on systems with extensive CPU configurations, the driver attempts to configure 256 queues for VSI 0 but encounters a failure with error code -12, indicating insufficient resources. The kernel's call trace reveals that the issue originates from the i40e_xdp function which attempts to access a NULL pointer, specifically at address zero, during the setup process. This occurs because the flow director VSI queue allocation mechanism does not properly account for the sequential placement of queues, leading to fragmentation within the PF queue pile structure.

The operational impact of this vulnerability extends beyond simple system crashes, potentially affecting network performance and availability in high-performance computing environments where XDP is commonly utilized for accelerated packet processing. Attackers could exploit this condition to cause system instability or denial of service by triggering the specific queue allocation scenario that leads to the NULL pointer dereference. The vulnerability particularly affects systems running Linux kernels with i40e drivers where XDP is enabled alongside X722 NICs and multiple CPU configurations, creating a specific attack surface that requires precise environmental conditions to exploit effectively.

The fix implemented addresses the core allocation problem by ensuring that flow director VSIs always utilize the last queue in the PF queue pile rather than positioning them sequentially after the main VSI. This change prevents the fragmentation that causes the queue allocation conflict and allows the main VSI to properly resize its queue allocation when XDP is enabled. The solution aligns with established security practices for resource management and queue allocation within kernel drivers, following principles that prevent resource exhaustion and maintain proper memory access patterns. This patch demonstrates a targeted approach to resolving queue management issues while maintaining backward compatibility and system stability, addressing the underlying CWE-476 (NULL Pointer Dereference) vulnerability through architectural modification rather than simple error handling. The mitigation strategy ensures that queue allocation patterns remain consistent regardless of system configuration, preventing the specific fragmentation scenario that led to the vulnerability condition.

Sources

Do you need the next level of professionalism?

Upgrade your account now!