| The vulnerability CVE-2021-47215 is a bug in the Linux kernel's mlx5e driver, specifically in the kTLS (Kernel Transport Layer Security) RX resync flow. The issue arises from list corruptions in the TLS contexts that require attention to communicate their resync information to the hardware. This corruption occurs when entries are moved by `resync_handle_seq_match()` before their resync handling is fully completed in NAPI (Network Acceleration Platform Interface). |
| |
| To fix this, the kernel now protects these entries against movements until their resync handling is complete. This vulnerability was introduced in kernel version 5.13 with commit e9ce991bce5b and was fixed in versions 5.15.5 with commit ebeda7a9528a and 5.16 with commit cc4a9cc03faa. |
| |
| The affected file is `drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to fix this issue, as individual changes are never tested alone and cherry-picking commits is not supported. However, if updating is impossible, the individual fixes can be found at the specified commit URLs. |
| |
