Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-cve / . / cve / published / 2021 / CVE-2021-47387.json
blob: df49038662b29e54dc95c37c9e4252777600b877 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: schedutil: Use kobject release() method to free sugov_tunables\n\nThe struct sugov_tunables is protected by the kobject, so we can't free\nit directly. Otherwise we would get a call trace like this:\n ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x30\n WARNING: CPU: 3 PID: 720 at lib/debugobjects.c:505 debug_print_object+0xb8/0x100\n Modules linked in:\n CPU: 3 PID: 720 Comm: a.sh Tainted: G W 5.14.0-rc1-next-20210715-yocto-standard+ #507\n Hardware name: Marvell OcteonTX CN96XX board (DT)\n pstate: 40400009 (nZcv daif +PAN -UAO -TCO BTYPE=--)\n pc : debug_print_object+0xb8/0x100\n lr : debug_print_object+0xb8/0x100\n sp : ffff80001ecaf910\n x29: ffff80001ecaf910 x28: ffff00011b10b8d0 x27: ffff800011043d80\n x26: ffff00011a8f0000 x25: ffff800013cb3ff0 x24: 0000000000000000\n x23: ffff80001142aa68 x22: ffff800011043d80 x21: ffff00010de46f20\n x20: ffff800013c0c520 x19: ffff800011d8f5b0 x18: 0000000000000010\n x17: 6e6968207473696c x16: 5f72656d6974203a x15: 6570797420746365\n x14: 6a626f2029302065 x13: 303378302f307830 x12: 2b6e665f72656d69\n x11: ffff8000124b1560 x10: ffff800012331520 x9 : ffff8000100ca6b0\n x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 0000000000000001\n x5 : ffff800011d8c000 x4 : ffff800011d8c740 x3 : 0000000000000000\n x2 : ffff0001108301c0 x1 : ab3c90eedf9c0f00 x0 : 0000000000000000\n Call trace:\n debug_print_object+0xb8/0x100\n __debug_check_no_obj_freed+0x1c0/0x230\n debug_check_no_obj_freed+0x20/0x88\n slab_free_freelist_hook+0x154/0x1c8\n kfree+0x114/0x5d0\n sugov_exit+0xbc/0xc0\n cpufreq_exit_governor+0x44/0x90\n cpufreq_set_policy+0x268/0x4a8\n store_scaling_governor+0xe0/0x128\n store+0xc0/0xf0\n sysfs_kf_write+0x54/0x80\n kernfs_fop_write_iter+0x128/0x1c0\n new_sync_write+0xf0/0x190\n vfs_write+0x2d4/0x478\n ksys_write+0x74/0x100\n __arm64_sys_write+0x24/0x30\n invoke_syscall.constprop.0+0x54/0xe0\n do_el0_svc+0x64/0x158\n el0_svc+0x2c/0xb0\n el0t_64_sync_handler+0xb0/0xb8\n el0t_64_sync+0x198/0x19c\n irq event stamp: 5518\n hardirqs last enabled at (5517): [<ffff8000100cbd7c>] console_unlock+0x554/0x6c8\n hardirqs last disabled at (5518): [<ffff800010fc0638>] el1_dbg+0x28/0xa0\n softirqs last enabled at (5504): [<ffff8000100106e0>] __do_softirq+0x4d0/0x6c0\n softirqs last disabled at (5483): [<ffff800010049548>] irq_exit+0x1b0/0x1b8\n\nSo split the original sugov_tunables_free() into two functions,\nsugov_clear_global_tunables() is just used to clear the global_tunables\nand the new sugov_tunables_free() is used as kobj_type::release to\nrelease the sugov_tunables safely."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"kernel/sched/cpufreq_schedutil.c"
],
"versions": [
{
"version": "9bdcb44e391da5c41b98573bf0305a0e0b1c9569",
"lessThan": "cb4a53ba37532c861a5f3f22803391018a41849a",
"status": "affected",
"versionType": "git"
},
{
"version": "9bdcb44e391da5c41b98573bf0305a0e0b1c9569",
"lessThan": "463c46705f321201090b69c4ad5da0cd2ce614c9",
"status": "affected",
"versionType": "git"
},
{
"version": "9bdcb44e391da5c41b98573bf0305a0e0b1c9569",
"lessThan": "30d57cf2c4116ca6d34ecd1cac94ad84f8bc446c",
"status": "affected",
"versionType": "git"
},
{
"version": "9bdcb44e391da5c41b98573bf0305a0e0b1c9569",
"lessThan": "67c98e023135ff81b8d52998a6fdb8ca0c518d82",
"status": "affected",
"versionType": "git"
},
{
"version": "9bdcb44e391da5c41b98573bf0305a0e0b1c9569",
"lessThan": "a7d4fc84404d45d72f4490417e8cc3efa4af93f1",
"status": "affected",
"versionType": "git"
},
{
"version": "9bdcb44e391da5c41b98573bf0305a0e0b1c9569",
"lessThan": "8d62aec52a8c5b1d25a2364b243fcc5098a2ede9",
"status": "affected",
"versionType": "git"
},
{
"version": "9bdcb44e391da5c41b98573bf0305a0e0b1c9569",
"lessThan": "e5c6b312ce3cc97e90ea159446e6bfa06645364d",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"kernel/sched/cpufreq_schedutil.c"
],
"versions": [
{
"version": "4.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.7",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.285",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.249",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.209",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.151",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.71",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.14.10",
"lessThanOrEqual": "5.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7",
"versionEndExcluding": "4.9.285"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7",
"versionEndExcluding": "4.14.249"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7",
"versionEndExcluding": "4.19.209"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7",
"versionEndExcluding": "5.4.151"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7",
"versionEndExcluding": "5.10.71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7",
"versionEndExcluding": "5.14.10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7",
"versionEndExcluding": "5.15"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/cb4a53ba37532c861a5f3f22803391018a41849a"
},
{
"url": "https://git.kernel.org/stable/c/463c46705f321201090b69c4ad5da0cd2ce614c9"
},
{
"url": "https://git.kernel.org/stable/c/30d57cf2c4116ca6d34ecd1cac94ad84f8bc446c"
},
{
"url": "https://git.kernel.org/stable/c/67c98e023135ff81b8d52998a6fdb8ca0c518d82"
},
{
"url": "https://git.kernel.org/stable/c/a7d4fc84404d45d72f4490417e8cc3efa4af93f1"
},
{
"url": "https://git.kernel.org/stable/c/8d62aec52a8c5b1d25a2364b243fcc5098a2ede9"
},
{
"url": "https://git.kernel.org/stable/c/e5c6b312ce3cc97e90ea159446e6bfa06645364d"
}
],
"title": "cpufreq: schedutil: Use kobject release() method to free sugov_tunables",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2021-47387",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}