FKIE_CVE-2021-47271
Vulnerability from fkie_nvd - Published: 2024-05-21 15:15 - Updated: 2026-06-17 04:17
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: cdnsp: Fix deadlock issue in cdnsp_thread_irq_handler
Patch fixes the following critical issue caused by deadlock which has been
detected during testing NCM class:
smp: csd: Detected non-responsive CSD lock (#1) on CPU#0
smp: csd: CSD lock (#1) unresponsive.
....
RIP: 0010:native_queued_spin_lock_slowpath+0x61/0x1d0
RSP: 0018:ffffbc494011cde0 EFLAGS: 00000002
RAX: 0000000000000101 RBX: ffff9ee8116b4a68 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9ee8116b4658
RBP: ffffbc494011cde0 R08: 0000000000000001 R09: 0000000000000000
R10: ffff9ee8116b4670 R11: 0000000000000000 R12: ffff9ee8116b4658
R13: ffff9ee8116b4670 R14: 0000000000000246 R15: ffff9ee8116b4658
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7bcc41a830 CR3: 000000007a612003 CR4: 00000000001706e0
Call Trace:
<IRQ>
do_raw_spin_lock+0xc0/0xd0
_raw_spin_lock_irqsave+0x95/0xa0
cdnsp_gadget_ep_queue.cold+0x88/0x107 [cdnsp_udc_pci]
usb_ep_queue+0x35/0x110
eth_start_xmit+0x220/0x3d0 [u_ether]
ncm_tx_timeout+0x34/0x40 [usb_f_ncm]
? ncm_free_inst+0x50/0x50 [usb_f_ncm]
__hrtimer_run_queues+0xac/0x440
hrtimer_run_softirq+0x8c/0xb0
__do_softirq+0xcf/0x428
asm_call_irq_on_stack+0x12/0x20
</IRQ>
do_softirq_own_stack+0x61/0x70
irq_exit_rcu+0xc1/0xd0
sysvec_apic_timer_interrupt+0x52/0xb0
asm_sysvec_apic_timer_interrupt+0x12/0x20
RIP: 0010:do_raw_spin_trylock+0x18/0x40
RSP: 0018:ffffbc494138bda8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff9ee8116b4658 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9ee8116b4658
RBP: ffffbc494138bda8 R08: 0000000000000001 R09: 0000000000000000
R10: ffff9ee8116b4670 R11: 0000000000000000 R12: ffff9ee8116b4658
R13: ffff9ee8116b4670 R14: ffff9ee7b5c73d80 R15: ffff9ee8116b4000
_raw_spin_lock+0x3d/0x70
? cdnsp_thread_irq_handler.cold+0x32/0x112c [cdnsp_udc_pci]
cdnsp_thread_irq_handler.cold+0x32/0x112c [cdnsp_udc_pci]
? cdnsp_remove_request+0x1f0/0x1f0 [cdnsp_udc_pci]
? cdnsp_thread_irq_handler+0x5/0xa0 [cdnsp_udc_pci]
? irq_thread+0xa0/0x1c0
irq_thread_fn+0x28/0x60
irq_thread+0x105/0x1c0
? __kthread_parkme+0x42/0x90
? irq_forced_thread_fn+0x90/0x90
? wake_threads_waitq+0x30/0x30
? irq_thread_check_affinity+0xe0/0xe0
kthread+0x12a/0x160
? kthread_park+0x90/0x90
ret_from_fork+0x22/0x30
The root cause of issue is spin_lock/spin_unlock instruction instead
spin_lock_irqsave/spin_lock_irqrestore in cdnsp_thread_irq_handler
function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.13 | |
| linux | linux_kernel | 5.13 | |
| linux | linux_kernel | 5.13 | |
| linux | linux_kernel | 5.13 | |
| linux | linux_kernel | 5.13 |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/cdns3/cdnsp-ring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae746b6f4ce619cf4032fd798a232b010907a397",
"status": "affected",
"version": "3d82904559f4f5a2622db1b21de3edf2eded7664",
"versionType": "git"
},
{
"lessThan": "a9aecef198faae3240921b707bc09b602e966fce",
"status": "affected",
"version": "3d82904559f4f5a2622db1b21de3edf2eded7664",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/cdns3/cdnsp-ring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D627DFB-1E6A-4B08-B68C-D123B4C3D04C",
"versionEndExcluding": "5.12.11",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdnsp: Fix deadlock issue in cdnsp_thread_irq_handler\n\nPatch fixes the following critical issue caused by deadlock which has been\ndetected during testing NCM class:\n\nsmp: csd: Detected non-responsive CSD lock (#1) on CPU#0\nsmp: csd: CSD lock (#1) unresponsive.\n....\nRIP: 0010:native_queued_spin_lock_slowpath+0x61/0x1d0\nRSP: 0018:ffffbc494011cde0 EFLAGS: 00000002\nRAX: 0000000000000101 RBX: ffff9ee8116b4a68 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9ee8116b4658\nRBP: ffffbc494011cde0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffff9ee8116b4670 R11: 0000000000000000 R12: ffff9ee8116b4658\nR13: ffff9ee8116b4670 R14: 0000000000000246 R15: ffff9ee8116b4658\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7bcc41a830 CR3: 000000007a612003 CR4: 00000000001706e0\nCall Trace:\n \u003cIRQ\u003e\n do_raw_spin_lock+0xc0/0xd0\n _raw_spin_lock_irqsave+0x95/0xa0\n cdnsp_gadget_ep_queue.cold+0x88/0x107 [cdnsp_udc_pci]\n usb_ep_queue+0x35/0x110\n eth_start_xmit+0x220/0x3d0 [u_ether]\n ncm_tx_timeout+0x34/0x40 [usb_f_ncm]\n ? ncm_free_inst+0x50/0x50 [usb_f_ncm]\n __hrtimer_run_queues+0xac/0x440\n hrtimer_run_softirq+0x8c/0xb0\n __do_softirq+0xcf/0x428\n asm_call_irq_on_stack+0x12/0x20\n \u003c/IRQ\u003e\n do_softirq_own_stack+0x61/0x70\n irq_exit_rcu+0xc1/0xd0\n sysvec_apic_timer_interrupt+0x52/0xb0\n asm_sysvec_apic_timer_interrupt+0x12/0x20\nRIP: 0010:do_raw_spin_trylock+0x18/0x40\nRSP: 0018:ffffbc494138bda8 EFLAGS: 00000246\nRAX: 0000000000000000 RBX: ffff9ee8116b4658 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9ee8116b4658\nRBP: ffffbc494138bda8 R08: 0000000000000001 R09: 0000000000000000\nR10: ffff9ee8116b4670 R11: 0000000000000000 R12: ffff9ee8116b4658\nR13: ffff9ee8116b4670 R14: ffff9ee7b5c73d80 R15: ffff9ee8116b4000\n _raw_spin_lock+0x3d/0x70\n ? cdnsp_thread_irq_handler.cold+0x32/0x112c [cdnsp_udc_pci]\n cdnsp_thread_irq_handler.cold+0x32/0x112c [cdnsp_udc_pci]\n ? cdnsp_remove_request+0x1f0/0x1f0 [cdnsp_udc_pci]\n ? cdnsp_thread_irq_handler+0x5/0xa0 [cdnsp_udc_pci]\n ? irq_thread+0xa0/0x1c0\n irq_thread_fn+0x28/0x60\n irq_thread+0x105/0x1c0\n ? __kthread_parkme+0x42/0x90\n ? irq_forced_thread_fn+0x90/0x90\n ? wake_threads_waitq+0x30/0x30\n ? irq_thread_check_affinity+0xe0/0xe0\n kthread+0x12a/0x160\n ? kthread_park+0x90/0x90\n ret_from_fork+0x22/0x30\n\nThe root cause of issue is spin_lock/spin_unlock instruction instead\nspin_lock_irqsave/spin_lock_irqrestore in cdnsp_thread_irq_handler\nfunction."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: cdnsp: soluciona el problema de interbloqueo en cdnsp_thread_irq_handler. El parche corrige el siguiente problema cr\u00edtico causado por el interbloqueo que se detect\u00f3 durante las pruebas Clase NCM: smp: csd: se detect\u00f3 un bloqueo CSD que no responde ( #1) en CPU#0 smp: csd: el bloqueo CSD (#1) no responde. .... RIP: 0010:native_queued_spin_lock_slowpath+0x61/0x1d0 RSP: 0018:ffffbc494011cde0 EFLAGS: 00000002 RAX: 0000000000000101 RBX: ffff9ee8116b4a68 RCX: 0000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9ee8116b4658 RBP: ffffbc494011cde0 R08: 0000000000000001 R09: 00000000000000000 R 10: ffff9ee8116b4670 R11: 0000000000000000 R12: ffff9ee8116b4658 R13: ffff9ee8116b4670 R14: 00000000000000246 R15: ffff9ee8116b4658 CS: 0010 DS: 0 ES: 0000 CR0: 0000000080050033 CR2: 00007f7bcc41a830 CR3: 000000007a612003 CR4: 00000000001706e0 Seguimiento de llamadas: do_raw_spin_lock+0xc0/0xd0 _raw_spin_lock_irqsave + 0x95/0xa0 cdnsp_gadget_ep_queue.cold+0x88/0x107 [cdnsp_udc_pci] usb_ep_queue+0x35/0x110 eth_start_xmit+0x220/0x3d0 [u_ether] ncm_tx_timeout+0x34/0x40 [usb_f_ncm] ? ncm_free_inst+0x50/0x50 [usb_f_ncm] __hrtimer_run_queues+0xac/0x440 hrtimer_run_softirq+0x8c/0xb0 __do_softirq+0xcf/0x428 asm_call_irq_on_stack+0x12/0x20 +0x61/0x70 irq_exit_rcu+0xc1/0xd0 sysvec_apic_timer_interrupt+0x52/0xb0 asm_sysvec_apic_timer_interrupt+0x12 /0x20 RIP: 0010:do_raw_spin_trylock+0x18/0x40 RSP: 0018:ffffbc494138bda8 EFLAGS: 00000246 RAX: 00000000000000000 RBX: ffff9ee8116b4658 RCX: 0000000000000 000 RDX: 0000000000000001 RSI: 00000000000000000 RDI: ffff9ee8116b4658 RBP: ffffbc494138bda8 R08: 00000000000000001 R09: 0000000000000000 R10: ffff9ee8116b4670 R11 : 0000000000000000 R12: ffff9ee8116b4658 R13: ffff9ee8116b4670 R14: ffff9ee7b5c73d80 R15: ffff9ee8116b4000 _raw_spin_lock+0x3d/0x70 ? cdnsp_thread_irq_handler.cold+0x32/0x112c [cdnsp_udc_pci] cdnsp_thread_irq_handler.cold+0x32/0x112c [cdnsp_udc_pci] ? cdnsp_remove_request+0x1f0/0x1f0 [cdnsp_udc_pci] ? cdnsp_thread_irq_handler+0x5/0xa0 [cdnsp_udc_pci] ? irq_thread+0xa0/0x1c0 irq_thread_fn+0x28/0x60 irq_thread+0x105/0x1c0 ? __kthread_parkme+0x42/0x90 ? irq_forced_thread_fn+0x90/0x90? wake_threads_waitq+0x30/0x30? irq_thread_check_affinity+0xe0/0xe0 kthread+0x12a/0x160 ? kthread_park+0x90/0x90 ret_from_fork+0x22/0x30 La causa principal del problema es la instrucci\u00f3n spin_lock/spin_unlock en lugar de spin_lock_irqsave/spin_lock_irqrestore en la funci\u00f3n cdnsp_thread_irq_handler."
}
],
"id": "CVE-2021-47271",
"lastModified": "2026-06-17T04:17:04.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2021-47271",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:57:26.202334Z",
"version": "2.0.3"
}
}
]
},
"published": "2024-05-21T15:15:15.610",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/a9aecef198faae3240921b707bc09b602e966fce"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/ae746b6f4ce619cf4032fd798a232b010907a397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/a9aecef198faae3240921b707bc09b602e966fce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/ae746b6f4ce619cf4032fd798a232b010907a397"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…