cve-2021-47584
Vulnerability from cvelistv5
Published
2024-06-19 14:53
Modified
2024-11-04 12:08
Severity ?
Summary
iocost: Fix divide-by-zero on donation from low hweight cgroup
Impacted products
Vendor Product Version
Linux Linux Version: 5.10
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47584",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-20T19:43:49.047356Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T19:43:55.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a7c80674538f15f85d68138240aae440b8039519"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a1a4eb574178c21241a6200f4785572e661c472"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/edaa26334c117a584add6053f48d63a988d25a6e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/blk-iocost.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a7c80674538f",
              "status": "affected",
              "version": "f1de2439ec43",
              "versionType": "git"
            },
            {
              "lessThan": "3a1a4eb57417",
              "status": "affected",
              "version": "f1de2439ec43",
              "versionType": "git"
            },
            {
              "lessThan": "edaa26334c11",
              "status": "affected",
              "version": "f1de2439ec43",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/blk-iocost.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niocost: Fix divide-by-zero on donation from low hweight cgroup\n\nThe donation calculation logic assumes that the donor has non-zero\nafter-donation hweight, so the lowest active hweight a donating cgroup can\nhave is 2 so that it can donate 1 while keeping the other 1 for itself.\nEarlier, we only donated from cgroups with sizable surpluses so this\ncondition was always true. However, with the precise donation algorithm\nimplemented, f1de2439ec43 (\"blk-iocost: revamp donation amount\ndetermination\") made the donation amount calculation exact enabling even low\nhweight cgroups to donate.\n\nThis means that in rare occasions, a cgroup with active hweight of 1 can\nenter donation calculation triggering the following warning and then a\ndivide-by-zero oops.\n\n WARNING: CPU: 4 PID: 0 at block/blk-iocost.c:1928 transfer_surpluses.cold+0x0/0x53 [884/94867]\n ...\n RIP: 0010:transfer_surpluses.cold+0x0/0x53\n Code: 92 ff 48 c7 c7 28 d1 ab b5 65 48 8b 34 25 00 ae 01 00 48 81 c6 90 06 00 00 e8 8b 3f fe ff 48 c7 c0 ea ff ff ff e9 95 ff 92 ff \u003c0f\u003e 0b 48 c7 c7 30 da ab b5 e8 71 3f fe ff 4c 89 e8 4d 85 ed 74 0\n4\n ...\n Call Trace:\n  \u003cIRQ\u003e\n  ioc_timer_fn+0x1043/0x1390\n  call_timer_fn+0xa1/0x2c0\n  __run_timers.part.0+0x1ec/0x2e0\n  run_timer_softirq+0x35/0x70\n ...\n iocg: invalid donation weights in /a/b: active=1 donating=1 after=0\n\nFix it by excluding cgroups w/ active hweight \u003c 2 from donating. Excluding\nthese extreme low hweight donations shouldn\u0027t affect work conservation in\nany meaningful way."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T12:08:37.857Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a7c80674538f15f85d68138240aae440b8039519"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a1a4eb574178c21241a6200f4785572e661c472"
        },
        {
          "url": "https://git.kernel.org/stable/c/edaa26334c117a584add6053f48d63a988d25a6e"
        }
      ],
      "title": "iocost: Fix divide-by-zero on donation from low hweight cgroup",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47584",
    "datePublished": "2024-06-19T14:53:50.119Z",
    "dateReserved": "2024-05-24T15:11:00.731Z",
    "dateUpdated": "2024-11-04T12:08:37.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47584\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-19T15:15:52.947\",\"lastModified\":\"2024-11-21T06:36:36.153\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\niocost: Fix divide-by-zero on donation from low hweight cgroup\\n\\nThe donation calculation logic assumes that the donor has non-zero\\nafter-donation hweight, so the lowest active hweight a donating cgroup can\\nhave is 2 so that it can donate 1 while keeping the other 1 for itself.\\nEarlier, we only donated from cgroups with sizable surpluses so this\\ncondition was always true. However, with the precise donation algorithm\\nimplemented, f1de2439ec43 (\\\"blk-iocost: revamp donation amount\\ndetermination\\\") made the donation amount calculation exact enabling even low\\nhweight cgroups to donate.\\n\\nThis means that in rare occasions, a cgroup with active hweight of 1 can\\nenter donation calculation triggering the following warning and then a\\ndivide-by-zero oops.\\n\\n WARNING: CPU: 4 PID: 0 at block/blk-iocost.c:1928 transfer_surpluses.cold+0x0/0x53 [884/94867]\\n ...\\n RIP: 0010:transfer_surpluses.cold+0x0/0x53\\n Code: 92 ff 48 c7 c7 28 d1 ab b5 65 48 8b 34 25 00 ae 01 00 48 81 c6 90 06 00 00 e8 8b 3f fe ff 48 c7 c0 ea ff ff ff e9 95 ff 92 ff \u003c0f\u003e 0b 48 c7 c7 30 da ab b5 e8 71 3f fe ff 4c 89 e8 4d 85 ed 74 0\\n4\\n ...\\n Call Trace:\\n  \u003cIRQ\u003e\\n  ioc_timer_fn+0x1043/0x1390\\n  call_timer_fn+0xa1/0x2c0\\n  __run_timers.part.0+0x1ec/0x2e0\\n  run_timer_softirq+0x35/0x70\\n ...\\n iocg: invalid donation weights in /a/b: active=1 donating=1 after=0\\n\\nFix it by excluding cgroups w/ active hweight \u003c 2 from donating. Excluding\\nthese extreme low hweight donations shouldn\u0027t affect work conservation in\\nany meaningful way.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iocost: corrige la divisi\u00f3n por cero en la donaci\u00f3n de un grupo c de bajo peso. La l\u00f3gica de c\u00e1lculo de la donaci\u00f3n supone que el donante tiene un peso posterior a la donaci\u00f3n distinto de cero, por lo que el peso activo m\u00e1s bajo es una donaci\u00f3n. cgroup puede tener 2 para poder donar 1 y conservar el otro para s\u00ed mismo. Anteriormente, solo don\u00e1bamos de grupos comunitarios con excedentes considerables, por lo que esta condici\u00f3n siempre fue cierta. Sin embargo, con el algoritmo de donaci\u00f3n preciso implementado, f1de2439ec43 (\\\"blk-iocost: renovar la determinaci\u00f3n del monto de la donaci\u00f3n\\\") hizo que el c\u00e1lculo del monto de la donaci\u00f3n fuera exacto, permitiendo que incluso los grupos de bajo peso donaran. Esto significa que, en raras ocasiones, un grupo con un peso activo de 1 puede ingresar al c\u00e1lculo de la donaci\u00f3n, lo que genera la siguiente advertencia y luego una divisi\u00f3n por cero. ADVERTENCIA: CPU: 4 PID: 0 en block/blk-iocost.c:1928 transfer_surpluses.cold+0x0/0x53 [884/94867] ... RIP: 0010:transfer_surpluses.cold+0x0/0x53 C\u00f3digo: 92 y siguientes 48 c7 c7 28 d1 ab b5 65 48 8b 34 25 00 ae 01 00 48 81 c6 90 06 00 00 e8 8b 3f fe ff 48 c7 c0 ea ff ff ff e9 95 ff 92 ff \u0026lt;0f\u0026gt; 0b 48 c7 c7 30 da ab b5 e8 71 3f fe ff 4c 89 e8 4d 85 ed 74 0 4 ... Seguimiento de llamadas:  ioc_timer_fn+0x1043/0x1390 call_timer_fn+0xa1/0x2c0 __run_timers.part.0+0x1ec/0x2e0 run_timer_softirq+0x35/0x70 ... iocg : pesos de donaci\u00f3n no v\u00e1lidos en /a/b: activo=1 donaci\u00f3n=1 despu\u00e9s=0 Corr\u00edjalo excluyendo cgroups con hweight activo \u0026lt; 2 de la donaci\u00f3n. Excluir estas donaciones de peso extremadamente bajo no deber\u00eda afectar la conservaci\u00f3n del trabajo de ninguna manera significativa.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-369\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.10.88\",\"matchCriteriaId\":\"EB4181F8-6C8B-4641-A13A-D558F76ABA69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.11\",\"matchCriteriaId\":\"11274E95-438A-449A-B100-01B2B0046669\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3a1a4eb574178c21241a6200f4785572e661c472\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a7c80674538f15f85d68138240aae440b8039519\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/edaa26334c117a584add6053f48d63a988d25a6e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3a1a4eb574178c21241a6200f4785572e661c472\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a7c80674538f15f85d68138240aae440b8039519\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/edaa26334c117a584add6053f48d63a988d25a6e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.